Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
704
Views
5
Helpful
1
Replies

Core Switch

Go to solution
Faizan Khursheed
Level 1
Level 1

‎09-25-2010 03:43 AM - edited ‎03-06-2019 01:10 PM

To all

i need to make my core switch transparent for my access users the Gateway should be Firewall ip

1)if valn A access swicth users needs to communicate with other vlan B access switch they have to perfom intervaln routing

2) for going Outside to network Gateway should be Firewall ip

kinldy share some thoughts and idea with me i shall be very thanksful

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎09-25-2010 03:57 AM 

faizankhursheed wrote:
To all
i need to make my core switch transparent for my access users the Gateway should be Firewall ip
1)if valn A access swicth users needs to communicate with other vlan B access switch they have to perfom intervaln routing
2) for going Outside to network Gateway should be Firewall ip
kinldy share some thoughts and idea with me i shall be very thanksful

You have 2 choices -

1) make the core switch simply L2 ie. it does no inter-vla routng and have the vlan interfaces on the firewall

2) make the core switch responsible for the inter-vlan routing and then have a default-route on the core switch pointing to the firewall inside interface. You would also need to add routes to the firewall for the vlans on the core switch.

Assuming your core switch is L3 capable and you don't have to firewall between internal vlans option 2) is much better because it is standard setup and often a lot easier to configure than inter-vlan routng on your firewall which might not even be able to do that.

If you did use option 2) then the clients default-gateway would not be the firewall but the L3 vlan interface on the core switch.

Jon

View solution in original post

1 Reply 1

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎09-25-2010 03:57 AM 

faizankhursheed wrote:
To all
i need to make my core switch transparent for my access users the Gateway should be Firewall ip
1)if valn A access swicth users needs to communicate with other vlan B access switch they have to perfom intervaln routing
2) for going Outside to network Gateway should be Firewall ip
kinldy share some thoughts and idea with me i shall be very thanksful

You have 2 choices -

1) make the core switch simply L2 ie. it does no inter-vla routng and have the vlan interfaces on the firewall

2) make the core switch responsible for the inter-vlan routing and then have a default-route on the core switch pointing to the firewall inside interface. You would also need to add routes to the firewall for the vlans on the core switch.

Assuming your core switch is L3 capable and you don't have to firewall between internal vlans option 2) is much better because it is standard setup and often a lot easier to configure than inter-vlan routng on your firewall which might not even be able to do that.

If you did use option 2) then the clients default-gateway would not be the firewall but the L3 vlan interface on the core switch.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card