Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
388
Views
5
Helpful
5
Replies

layer 2 connection to a firewall

axfalk
Level 1
Level 1

‎09-10-2007 02:40 PM - edited ‎03-05-2019 06:23 PM

We have a firewall downstream from our Layer3 switch. If I were to define a port on the switch as a layer 2 port (switchport) and connect one of the fw int to that port, would the IP address of the int on the fw and the IP address of the vlan that the port belongs to have to be on the same subnet?

Thanks...

Labels:
0 Helpful
5 Replies 5

JORGE RODRIGUEZ
Level 10
Level 10

‎09-10-2007 04:42 PM

Hi Greg,

If you were to connect the fw interface to a layer 2 port whether is a L2 or L3 switch you must create a vlan in the switch and place that port in that new vlan for the switchport to reference the fw layer 3 interface-subnet, this is only if that port is currently in a vlan-subnet different from the fw interface subnet.

Remember, access ports operate at layer 2, once you make a switch port a member of a particular vlan is when you have layer 3 interfaces-subnets with their respective vlans defined.

HTH

Jorge

Jorge Rodriguez

axfalk
Level 1
Level 1

‎09-10-2007 05:12 PM

Thanks for your response. So, what you're saying is that a switchport has to belong to a vlan whose subnet is the same as the one on the fw int....

Thanks again...

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to axfalk

‎09-11-2007 04:08 AM

That is correct.

Jorge

Jorge Rodriguez
0 Helpful

axfalk
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎09-11-2007 01:42 PM

Thanks. Is this generally true for all the connections from a layer 3 swithchport to a router?

thanx..

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to axfalk

‎09-11-2007 03:48 PM

when you use " switchport mode access" or

"switchport access vlan # " on the port it is no longer a layer 3 port, once you introduce the " no switchport mode access " and introduce and IP address on the port it becomes a routed port and is no longer a layer 2 port.

Jorge Rodriguez
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card