Cisco Support Community
Core Switch

To all

I need to make my core switch transparent for my access users; the gateway should be the firewall IP.

1) If VLAN A access switch users need to communicate with the other VLAN B access switch, they have to perform inter-VLAN routing.

2) For going outside to the network, the gateway should be the firewall IP.

Kindly share some thoughts and ideas with me; I shall be very thankful.

1 ACCEPTED SOLUTION

Re: Core Switch

faizankhursheed wrote:

To all

I need to make my core switch transparent for my access users; the gateway should be the firewall IP.

1) If VLAN A access switch users need to communicate with the other VLAN B access switch, they have to perform inter-VLAN routing.

2) For going outside to the network, the gateway should be the firewall IP.

Kindly share some thoughts and ideas with me; I shall be very thankful.

You have 2 choices -

1) Make the core switch simply L2, i.e. it does no inter-VLAN routing, and have the VLAN interfaces on the firewall.

2) Make the core switch responsible for the inter-VLAN routing and then have a default route on the core switch pointing to the firewall inside interface. You would also need to add routes to the firewall for the VLANs on the core switch.

Assuming your core switch is L3 capable and you don't have to firewall between internal VLANs, option 2) is much better because it is a standard setup and often a lot easier to configure than inter-VLAN routing on your firewall, which might not even be able to do that.

If you did use option 2) then the clients' default gateway would not be the firewall but the L3 VLAN interface on the core switch.

Jon
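
Option 2 from the reply above written out as configuration, added here as an example that is not part of the original post or of Jon's reply. The VLAN IDs, names and all IP addresses are constructed, a dedicated transit VLAN toward the firewall is assumed, and the firewall side assumes ASA-style `route` syntax, which the thread does not specify.

```cisco
! Constructed example of option 2; every VLAN ID and address is an assumption.
! --- Core switch (L3-capable, Cisco IOS) ---
ip routing
!
vlan 10
 name USERS-A
vlan 20
 name USERS-B
vlan 99
 name FW-TRANSIT
!
interface Vlan10
 description Default gateway for VLAN A clients
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 description Default gateway for VLAN B clients
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
interface Vlan99
 description Transit link to the firewall inside interface
 ip address 10.0.99.2 255.255.255.252
 no shutdown
!
! Anything that is not a connected VLAN is sent to the firewall inside interface.
ip route 0.0.0.0 0.0.0.0 10.0.99.1
!
! VLAN 10 <-> VLAN 20 traffic is routed here between the two SVIs and never
! reaches the firewall, which is why option 2 only fits when the internal
! VLANs do not have to be firewalled from each other.
!
! --- Firewall (ASA-style syntax assumed; inside interface is 10.0.99.1) ---
! Return routes for the VLANs that sit behind the core switch. Without them
! the firewall has no path back to 192.168.10.0/24 and 192.168.20.0/24.
route inside 192.168.10.0 255.255.255.0 10.0.99.2
route inside 192.168.20.0 255.255.255.0 10.0.99.2
```

Clients in VLAN 10 and VLAN 20 would use 192.168.10.1 and 192.168.20.1 as their default gateways, matching the last point in the reply.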
