Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2704
Views
0
Helpful
2
Replies

Change default gateway for one Vlan only

Go to solution
mikeschriver
Level 1
Level 1

‎08-20-2014 02:10 PM - edited ‎03-07-2019 08:28 PM

We have a 6500 core switch which handles all the routing for multiple Vlans.  The cores default gateway is an ASA 5510 to the internet.  All outlying switches are 3750's with trunks to them and are part of the same VTP domain (6500 server).

We are introducing another organization to our network and going to place them on their own Vlan.  They are hanging off one of the 3750's and on Vlan 3. Their gateway is 192.168.2.254 ASA firewall, also on Vlan 3.  The problem comes where they now need access to other Vlans routed off the 6500.  If I make their gateway 192.168.2.1 (6500) then they will be directed to the wrong firewall for their internet.  We need them to still go out their ASA 5505 on Vlan 3.

Now I know I cannot route from the ASA 5505 which would solve my problem if I could.   What I was hoping to do instead though is somehow use the 6500 or 3750 to route all Vlan 3 traffic out the ASA5505.  I just cannot figure out how to do that or if it is even possible.  If someone can point me in the right direction if it is even possible I would be very greatfull.   All I can think of is hang another router in Vlan 3 and let them use that as their default gateway so I can use that to route the few Vlans they need access to back through the 6500.

Anyways there is probably a much simpler solution that this rookie just aint thinking of :)

This map may help with my poor explanation.  Thanks for any help you can give.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎08-20-2014 03:47 PM

You could point the default-gateway to the 6k5 and send all internet-traffic through policy-based routing (PBR) to the 5505. That's probably the easiest solution.

The config-guide shows how to configure that:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/policy_based_routing_pbr.pdf

 

A different solution could be to terminate VLAN3 on the 5505 and use an additional VLAN as a transfer-network to the 6k5. There you would need an additional route for vlan3 to the ASA 5505.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Karsten Iwen
VIP
VIP

‎08-20-2014 03:47 PM

You could point the default-gateway to the 6k5 and send all internet-traffic through policy-based routing (PBR) to the 5505. That's probably the easiest solution.

The config-guide shows how to configure that:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/policy_based_routing_pbr.pdf

 

A different solution could be to terminate VLAN3 on the 5505 and use an additional VLAN as a transfer-network to the 6k5. There you would need an additional route for vlan3 to the ASA 5505.

0 Helpful

Go to solution
mikeschriver
Level 1
Level 1
In response to Karsten Iwen

‎08-22-2014 07:18 AM

Thank you Karsten!  Not sure why I was trying to make this difficult. :)

 

I just set this up in our lab and it works like a charm.  Set an ACL for the whole subnet. Created a route map using "default next-hop" then assigned it to the Vlan interface on the 6500.  All traffic not in the routing table gets directed to the default next-hop.

 

Thanks again for opening my eyes.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card