Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

L3 routing

Hi, I have connected Firewall to Switch. Presently all inter Vlan traffic routing through L3 switch, Now I want to stop internal routing in L3 switch. i want all inter vlan traffic will route through firewall and only intra vlan traffic will route through switch.

4 REPLIES

Re: L3 routing

This may be achieved by adding acl's to SVI's. default-gateway or specific routes pointing to FW.

New Member

Re: L3 routing

I would simplfy this by removing the VLAN interfaces (currently the gateways) from the switch (appart from the one you want to use to access the switch for mangement), remove the routing and adding the gatewyas to the firewall either by using the pysical ports in an access port on the switch for the particular vlan or, subinterfacing a single firewall interface for a gateway in each vlan connected to a trunk on the switch.

Basically a "router on a stick" setup, which is effectivly what you are trying to achieve.

New Member

Re: L3 routing

Hi, I can not remove the vlan, coz, lots of server and users are connected in the vlan...total 10 vlans are configured in my Switch. I want that... in the same network if any server from a vlan wants to connect to another server in other vlan, then the traffic must be forward towards Firewall and firewall will check then again will forward towards Switch. coz, all the vlans are configured in the same switch. like this.

Cisco Employee

Re: L3 routing

Which L3 switch you are using ?

Simplest is " no ip routing " on the switch (depending upon the hardware).

Other way is to delete the SVI's on the switch and the assing the same IP on the firewall trunk interface. This way your all the host will noow use the firewall as the GW. You can assign any other free IP to one of the SVI to manage the switch.

Confg t

no interface vlan 1

no interface vlan 2

no interface vlan 3

Please plan a proper downtime for this activity.

HTH,

-amit singh

118
Views
0
Helpful
4
Replies