Core Switch

Answered Question
Sep 25th, 2010

To all

I need to make my core switch transparent for my access users; the gateway should be the firewall IP.

1) If VLAN A access switch users need to communicate with the other VLAN B access switch, they have to perform inter-VLAN routing.

2) For going outside the network, the gateway should be the firewall IP.

Kindly share some thoughts and ideas with me; I shall be very thankful.

Correct Answer by Jon Marshall about 6 years 3 months ago

faizankhursheed wrote:

To all

I need to make my core switch transparent for my access users; the gateway should be the firewall IP.

1) If VLAN A access switch users need to communicate with the other VLAN B access switch, they have to perform inter-VLAN routing.

2) For going outside the network, the gateway should be the firewall IP.

Kindly share some thoughts and ideas with me; I shall be very thankful.

You have 2 choices -

1) make the core switch simply L2, i.e. it does no inter-VLAN routing, and have the VLAN interfaces on the firewall

2) make the core switch responsible for the inter-VLAN routing and then have a default route on the core switch pointing to the firewall inside interface. You would also need to add routes to the firewall for the VLANs on the core switch.

Assuming your core switch is L3 capable and you don't have to firewall between internal VLANs, option 2) is much better because it is a standard setup and often a lot easier to configure than inter-VLAN routing on your firewall, which might not even be able to do that.

If you did use option 2) then the clients' default gateway would not be the firewall but the L3 VLAN interface on the core switch.

Jon

Overall Rating: 5 (2 ratings)
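
Option 2 from the answer above, written out as Cisco IOS configuration (an added example, not part of the original thread). The VLAN numbers, every IP address and the transit VLAN 99 are assumptions constructed for illustration, and the firewall is assumed to be a Cisco ASA whose inside interface is named `inside`.

```cisco
! ---- Core switch (L3 capable); all numbering below is assumed ----
ip routing
!
vlan 10
 name VLAN_A
vlan 20
 name VLAN_B
vlan 99
 name FW_TRANSIT
!
! SVIs: these addresses are the clients' default gateways
interface Vlan10
 description Default gateway for VLAN A clients
 ip address 10.10.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 description Default gateway for VLAN B clients
 ip address 10.10.20.1 255.255.255.0
 no shutdown
!
! Transit segment shared only by the core switch and the firewall
interface Vlan99
 description Link to firewall inside interface
 ip address 10.10.99.2 255.255.255.0
 no shutdown
!
! Everything not in a connected VLAN is sent to the firewall
ip route 0.0.0.0 0.0.0.0 10.10.99.1
!
! ---- Firewall (ASA syntax assumed; inside interface is 10.10.99.1) ----
! Return routes for the VLANs that live behind the core switch.
! Without these, replies to VLAN A/B clients are not sent back to the core.
route inside 10.10.10.0 255.255.255.0 10.10.99.2
route inside 10.10.20.0 255.255.255.0 10.10.99.2
```

With this layout, traffic between VLAN A and VLAN B is routed on the core switch and never crosses the firewall, which is why the answer conditions option 2 on not needing to firewall between internal VLANs.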
Jon Marshall Sat, 09/25/2010 - 03:57
