We have a Cisco 6500 switch on which we have a lot of VLANs configured. Now we are moving some of the VLAN traffic filtering to the firewall, which will be the next hop. But some of the L3 VLANs will still be working on the switch.
Now, if we are moving the traffic filtering onto the firewall, we are shutting down the VLANs created on the switch so that the L2 functionality will forward the packets to the firewall.
If we shut down the VLAN, will the L2 functionality work properly?
As some of the VLANs will still be on the switch, do I need to configure trunking on the ports connected to the switch so that the traffic from the VLAN passes to the switch?
I am a bit confused on this. Please help, as I need to implement this by the weekend.
The VLAN and the interface VLAN (SVI) on the switch are separate instances; you can have only a L2 VLAN defined in the VLAN database and not an interface VLAN (L3). Of course you need to ensure that the traffic from that VLAN can get to the L3 device (firewall in your case) so it can get out to other subnets.
If you don't have separate interfaces on the firewall, one for each VLAN, then you can use trunking if the firewall supports it.
The idea of having L3 VLAN capabilities on the switch is to avoid using a separate device for inter-VLAN traffic.
So what you will have is that some of your VLANs have their default gateway on an SVI (L3 interface) on the switch while other VLANs have their default gateway on the firewall. This should work quite fine, as long as you make sure that the switch and the firewall have a common VLAN over which to exchange routing information.
I.e. on the firewall you have to configure routing for the SVI networks towards the switch, and on the switch you have to configure routing for the firewall VLANs to point towards the firewall.
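Assuming the 6500 runs native IOS and the firewall terminates the moved VLAN on an 802.1Q sub-interface, the following is an added configuration example (not from the thread or its posters) of the split the answer above describes: one VLAN keeps its gateway on a switch SVI, one is bridged at L2 to the firewall, and a transit VLAN carries routing between the two. All VLAN numbers, interface names and addresses are assumed placeholders.

```cisco
! Added example (not from the original thread): Catalyst 6500 IOS side of the
! split described in the answer above. Assumed addressing: VLAN 10 keeps its
! gateway on the switch SVI, VLAN 20 moves behind the firewall, VLAN 99 is the
! transit VLAN shared by switch and firewall (all values are placeholders).
!
! Both VLANs stay in the VLAN database so the switch still bridges them at L2.
vlan 10
 name SERVERS-L3-ON-SWITCH
vlan 20
 name USERS-L3-ON-FIREWALL
vlan 99
 name TRANSIT-TO-FIREWALL
!
! VLAN 10 keeps its SVI: hosts in it use 10.0.10.1 as their default gateway.
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
! VLAN 20's SVI is removed: its gateway now lives on the firewall
! sub-interface for VLAN 20, so the switch must not answer for 10.0.20.0/24.
no interface Vlan20
!
! Transit SVI: the switch's next hop towards the firewall lives here.
interface Vlan99
 ip address 10.0.99.1 255.255.255.0
!
! 802.1Q trunk to the firewall port carrying the sub-interfaces. Only the VLANs
! the firewall terminates are allowed, so it never receives frames from VLAN 10
! (which it is not filtering anyway); DTP is disabled on a device-facing port.
interface GigabitEthernet1/1
 description TRUNK-TO-FIREWALL
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20,99
 switchport mode trunk
 switchport nonegotiate
!
! Default route towards the firewall. It does not change VLAN 10 forwarding:
! the directly connected 10.0.10.0/24 route is more specific and is preferred.
ip route 0.0.0.0 0.0.0.0 10.0.99.2
!
! Firewall side (vendor not stated in the thread; Cisco ASA syntax assumed):
! a return route for the switch-hosted subnet via the transit VLAN, e.g.
!   interface GigabitEthernet0/1.99 (vlan 99, nameif transit) -> 10.0.99.2/24
!   interface GigabitEthernet0/1.20 (vlan 20, nameif users)   -> 10.0.20.1/24
!   route transit 10.0.10.0 255.255.255.0 10.0.99.1
```

Only the trunk towards the firewall needs to be a trunk; access ports for VLAN 10 and VLAN 20 hosts stay as they are, since the switch still bridges both VLANs.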
I am also now doing the same by connecting the firewall and switch interfaces in the same VLAN, and I am creating sub-interfaces on the firewall. I will enable trunking on the switch ports which will be connected to the firewall where the sub-interfaces are created.
Do I need to have trunking on all the interfaces connected to the firewall?
In routing I am giving a default route in the switch to point all the traffic to the firewall, but will this route have any effect on the L3 VLAN traffic on the switch?