06-29-2010 09:11 AM - edited 03-06-2019 11:49 AM
Hi! If I've a network setup with
a pair of 4506 with HSRP and VLAN routing---> connected to a Checkpoint firewall, default route on the firewall itself to route the network at the private network out----->(2xL2 3650 sw) private network without any VLAN configured. Only configured default-gateway on the switches themselves and management IP on VLAN 1 + trunk between these 2 switches. Will it make any difference in the private network if I were to configure a VLAN 42 there compared to no VLAN? Will the private host still be able to reach the 4506 sw by adding in VLAN 42?
Another question on the static routes below
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 10.0.0.0 255.0.0.0 10.1.1.2 251
Which one will be the preferred route out?
thx
06-29-2010 09:27 AM
I'm not sure I understand your question about vlan 42, but the static routes are another story.
Another question on the static routes below
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 10.0.0.0 255.0.0.0 10.1.1.2 251
Which one will be the preferred route out?
Unless you're learning your 10.0.0.0 subnet from a routing protocol (eigrp/ospf/bgp/etc.), the more specific route will be chosen. Say you don't have a routing protocol and you only rely on static routes. In the example above, if anyone goes to 10.1.1.5 (in the range of 10.0.0.0/8), then it's going to choose the second route and go out 10.1.1.2. If anyone tries to go anywhere else not in the 10.0.0.0/8 subnet, then it'll go out the 10.1.1.1 (first route) gateway.
If you DO have a routing protocol, then the second route will NOT be used unless the route learned from the routing protocol drops out of the table due to loss of connection etc.
Example:
If you have a bgp learned route for 10.0.0.0/8, it would look something like:
B 10.0.0.0 255.255.255.0 [20/0] via 10.1.1.1
If you lose your connection to 10.1.1.1, then the routing table will be updated like:
S 10.0.0.0 255.0.0.0 [251/0] via 10.1.1.2
HTH,
John
** Please rate helpful posts **
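The selection order described in the answer above, as an added example that is not part of the original thread: per prefix the lowest administrative distance is installed, then forwarding picks the longest matching installed prefix. The two static routes come from the question; the BGP entry, the default static distance of 1, the eBGP distance of 20 and the test destinations are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    source: str    # "S" static, "B" BGP, as in the routing-table lines above
    prefix: str
    next_hop: str
    distance: int  # administrative distance; lower wins for the same prefix

# Constructed candidates: the two static routes from the question plus a
# BGP-learned 10.0.0.0/8 (assumed eBGP, distance 20).
STATIC_DEFAULT = Route("S", "0.0.0.0/0", "10.1.1.1", 1)
FLOATING_STATIC = Route("S", "10.0.0.0/8", "10.1.1.2", 251)
BGP_10 = Route("B", "10.0.0.0/8", "10.1.1.1", 20)

def install(candidates):
    """Build the routing table: per prefix, keep only the lowest-distance route."""
    table = {}
    for route in candidates:
        net = ipaddress.ip_network(route.prefix)
        if net not in table or route.distance < table[net].distance:
            table[net] = route
    return table

def lookup(table, dst):
    """Forwarding decision: longest matching prefix among installed routes."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]

if __name__ == "__main__":
    scenarios = {
        "static only": [STATIC_DEFAULT, FLOATING_STATIC],
        "BGP route present": [STATIC_DEFAULT, FLOATING_STATIC, BGP_10],
    }
    for name, candidates in scenarios.items():
        table = install(candidates)
        for dst in ("10.1.1.5", "192.0.2.10"):
            r = lookup(table, dst)
            print(f"{name}: {dst} -> {r.source} {r.prefix} via {r.next_hop}")
```

Removing `BGP_10` from the candidate list models the learned route dropping out of the table, after which the distance-251 static is installed again.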
06-29-2010 05:44 PM
Hi!
The VLAN question is that I've 2x L2 3560 sitting behind a firewall connected to my core sw (4506). Behind this firewall, the 2x L2 switches (3560) are not configured with any VLAN. It has only one network segment within it. The gw for this network segment is at the firewall connected to one of these switches. Currently there isn't any VLAN created on the L2 3560 switches (only switchport mode access and the default-gateway command configured).
My question is: if I were to create a VLAN (e.g. vlan42) in the L2 3560 switches and assign all the sw ports (of course excluding the trunk between each sw) in there as VLAN access ports in vlan42, will the host in there still be able to reach the host outside the firewall (currently it's working fine)?
Currently, the native VLAN for the L3 4506 is vlan10 and the L2 3560's native VLAN is 1. Does that matter in this case?
thx