static routing and switch vlan

Answered Question
Sep 11th, 2010

Dear all,

I have a three Routers that connect to a three VLANs.

Router A connect to VLAN2

Router B connect to VLAN3

Router C connect to VLAN4

Router A, Router B and Router C is configured with a static route and thery are  supplied by the third party

We can not change the setting to EIGRP

The traffice of VLAN2,VLAN3 AND VLAN4 are passed to VLAN5

VLAN5 are connected to a firewall.

(Please take a look for the attachement)

How can I set the switch?

Thank you

Attachment: 
I have this problem too.
0 votes
Correct Answer by Nagaraja Thanthry about 6 years 2 months ago

Hello,

If you do not have a default gateway, you cannot communicate with anybody.

That network will be isolated. You need to give a default gateway so that

the router can communicate with other devices.

With regard to the second question, you can configure access-list on the

switch to block communication between the banks.

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 101 permit ip any any

access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 102 permit ip any any

access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 103 permit ip any any

interface vlan 1

ip access-group 101 in

exit

interface vlan 2

ip access-group 102 in

exit

interface vlan 3

ip access-group 103 in

exit

Regards,

NT

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Nagaraja Thanthry Sun, 09/12/2010 - 00:24

Hello,

If you cannot run any routing protocol, please configure the switch for

basic routing:

interface vlan 2

ip address 192.168.1.1 255.255.255.0

exit

interface vlan 3

ip address 192.168.2.1 255.255.255.0

exit

interface vlan 4

ip address 192.168.3.1 255.255.255.0

exit

interface vlan 5

ip address 192.168.55.2 255.255.255.0

exit

ip routing

ip route 0.0.0.0 0.0.0.0 192.168.55.1 (Firewall IP)

On Router A:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

On Router B:

ip route 0.0.0.0 0.0.0.0 192.168.2.1

On Router C:

ip route 0.0.0.0 0.0.0.0 192.168.3.1

On the Firewall:

route inside 192.168.0.0 255.255.0.0 192.168.55.2

Hope this helps.

Regards,

NT

csccomthb Sun, 09/12/2010 - 00:58

Dear NT,

Thank you for your reply. but Router A,Router B,Router C were supplied by third party. I can NOT log into Router to do the setting.

So, the static route can NOT add to Router A

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip route 0.0.0.0 0.0.0.0 192.168.2.1

ip route 0.0.0.0 0.0.0.0 192.168.3.1

May I use  redistribute a static route to an interface technolog?

And How to set them?

Thank you

Nagaraja Thanthry Sun, 09/12/2010 - 05:38

Hello,

Are those routers running any other routing protocols? Can you tell us what

the purpose of this setup is? How exactly the traffic flows? Are those

routers signify 3 ISP connections?

Regards,

NT

csccomthb Sun, 09/12/2010 - 05:52

Hi,

Thank you for your reply. These routers are connect to bank ( There are a leased line connected)

For security reason. I don't know these router's configuration. They just told us a set of IP address.

I asked the bank to change the configuration and they said no.

Actually, I can connect these router to my firewall directly. but if the connection increased, I need to increase the port of firewall.

So  I want them to connect to switch (with L3) and the traffic pass to VLAN5, VLAN5 connect to firewall

Thank you

Nagaraja Thanthry Sun, 09/12/2010 - 05:56

Hello,

Do you know the IP address of the routers and their default gateway

information?

Regards,

NT

csccomthb Sun, 09/12/2010 - 05:59

Hi,

thank you for your reply

Yes, I know the IP address and default gateway of the routers

thank you

Nagaraja Thanthry Sun, 09/12/2010 - 06:07

Hello,

In that case, you can configure the switch interface to be the IP of the

router default gateway. For example, if the Router A has a default gateway

of 192.168.1.100, then, on the switch:

interface vlan 1

ip address 192.168.1.100 255.255.255.0

exit

This way, the router sends all the traffic to your switch and then switch

can route the traffic to the PIX via vlan 5.

Regards,

NT

csccomthb Sun, 09/12/2010 - 06:17

Hi,

thank you for your reply very much.

(1) in my memory, one of router seems not give the default way, how can I set for this case?

(2) VLAN 2,VLAN3 and VLAN4 can NOT communicated each other for security reason. how can I set it?

Thank you

Correct Answer
Nagaraja Thanthry Sun, 09/12/2010 - 06:23

Hello,

If you do not have a default gateway, you cannot communicate with anybody.

That network will be isolated. You need to give a default gateway so that

the router can communicate with other devices.

With regard to the second question, you can configure access-list on the

switch to block communication between the banks.

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 101 permit ip any any

access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 102 permit ip any any

access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 103 permit ip any any

interface vlan 1

ip access-group 101 in

exit

interface vlan 2

ip access-group 102 in

exit

interface vlan 3

ip access-group 103 in

exit

Regards,

NT

Actions

This Discussion