Cisco Support Community
Community Member

routing question

Hi! Currently I've the following config in my core sw. We're deploying a new software-based FW + an SSL GW in my network. I've attached a diagram with sample WAN IP segments to illustrate the scenario. E.g., in the public DMZ segment, I've added an unmanaged sw to enable 3 connections from this segment. My question is: can this work by turning one of my core switch's ports to L3 using the command no switch port and set the ip to + add a route "ip route guest" to the core sw? (Of course the existing ip route guest command will be removed.) Will this route enable clients from the VRF network to go to the internet?

I would also add a route to enable traffic to segment by adding another route to the core sw "ip route".

Is the routing required for this public/private dmz being done correctly? Any additional route required in the static route or routing protocol?

My last question is: why is there a need to have a private DMZ with a private address in this case?

Thanks in advance

ip vrf guest
 description guest internet access
 rd 100:1
 route-target export 100:1
 route-target import 100:1

interface loopback11
 ip vrf forwarding guest
 ip address

interface vlan 11
 ip vrf forwarding guest
 ip address
 standby 1 ip
 standby 1 priority 150
 standby 1 preempt

router ospf 11 vrf guest
 passive-interface default
 no passive-interface Vlan123
 network area 0
 network area 0

ip route guest

Community Member

Re: routing question

Hi! Does anyone have any comment or know how I can enable my client in the VRF network to be routable to and able to access the internet from there based on my scenario? Do I need to add the command "ip vrf forwarding guest" on my physical interface where the IP is configured? Pls advise. Thks

Community Member

Re: routing question

Hi! Anyone, any help on this? Still can't figure out how to get this to work. Thx
