Re: Catalyst 3560 VLAN Routing

challc2008 · ‎11-03-2009

We have 10 VLAN's created with in our network. DHCP and VLAN is setup on the 3560 switch.

There is an "ip default-gateway" command pointing to the interface on our firewall which is connected to the switch and it is on VLAN1.

We would like all traffic from two VLAN's to go through our proxy server that is located in our data center instead of directly going out to the net.

I can accomplish this via group policy since the computers are on the domain but I have been asked to accomplish this via this switch i.e; route traffic from the two VLAN's to our proxy server located in our data center over the VPN.

Will appreciate your help and feed back.

Jon Marshall · ‎11-03-2009

Well you can use PBR (Policy Based Routing) to direct the traffic of the 2 vlans to the proxy server.

What is confusing is whether or not the 3560 switch is routing for the vlans or not. The "ip default-gateway" is only used for the switch itself ie. not the other vlans. Do you have a default-route on the 3560 pointing to the firewall as well ?

Jon

challc2008 · ‎11-03-2009

I'm assuming you are talking about this?

All VLANs are directly connected interfaces.

IP Routing is enabled on the switch but RIP is not configured. On our Firewall (Juniper Netscreen 204) we have static entries for all the VLAN's like this:

"set route 192.168.12.0/24 int eth4 gateway 192.168.12.1"

(eth4 is 192.168.8.1)

192.168.8.1 (Interface on the Firewall and VLAN 1 on the switch)

#sh conf | inc route

default-router 192.168.13.1 (VLAN 13)

default-router 192.168.15.1 (VLAN 15)

default-router 192.168.14.1 (VLAN 14)

default-router 192.168.12.1 (VLAN 12)

ip route 0.0.0.0 0.0.0.0 192.168.8.1

challc2008 · ‎11-05-2009

Any ideas?