Re: MLS configuration for routing

johnstone_cisco · ‎10-07-2009

Hi

I'll set the scene...we are getting a Layer 2 ethernet presented LAN extension, that we wish to route to our firewall via a C3560G switch, using a routed port (See attachment for diagram).

Can you confirm this is possible and also how this would be configured?

Thanks

Brian

Jon Marshall · ‎10-07-2009

Brian

Yes it's possible. You need to configure the port on the 3560 that the LAN extension connects to as -

int gi0/1

no switchport

ip address 192.168.5.1 255.255.255.252

obviously the other end of the LAN extension wherever that is would be configured with the ip address 192.168.5.2/30.

Jon

johnstone_cisco · ‎10-07-2009

Hi Jon,

Would I need to put routing on the switch also?

Thanks

brian

Jon Marshall · ‎10-07-2009

Brian

Yes you would need to enable "ip routing" on the switch.

Your other option is simply to have the 3560 as a L2 switch only and run it to the firewall.

Jon

glen.grant · ‎10-07-2009

Yes routing would be turned on .

johnstone_cisco · ‎10-07-2009

Hi

I plan to put static routes on the switch

ip route 0.0.0.0 0.0.0.0 'my Firewall int address'

ip route '3rd Party lan' 255.255.255.0 'routed switch port'

I assume these entries will only effect the traffic via the routed port, the remaining layer 2 ports on the switch will continue to act as normal?

Thanks

Brian

Jon Marshall · ‎10-07-2009

Brian

ip route '3rd Party lan' 255.255.255.0 'routed switch port'

would be better to use

ip route '3rd Party lan' 255.255.255.0 ie. 192.168.5.2 in the example i gave.

"I assume these entries will only effect the traffic via the routed port, the remaining layer 2 ports on the switch will continue to act as normal?"

the routes will affect any traffic that is routed on your 3560 especially the default route. Looking at your setup this should be fine.

Jon