New Member

vlan different

Hi! If I have a network setup with

a pair of 4506 with HSRP and VLAN routing ---> connected to a Checkpoint firewall, default route on the firewall itself to route the network at the private network out -----> (2x L2 3650 sw) private network without any VLAN configured. Only configured default-gateway on the switches themselves and management IP on VLAN 1 + trunk between these 2 switches. Will it make any difference in the private network if I were to configure a VLAN 42 there compared to no VLAN? Will the private hosts still be able to reach the 4506 sw by adding in VLAN 42?

Another question on static routes below

ip route

ip route 251

Which one will be the preferred route out?



Re: vlan different

I'm not sure I understand your question about vlan 42, but the static routes are another story.

Another question on static routes below

ip route

ip route 251

Which one will be the preferred route out?

Unless you're learning your subnet from a routing protocol (eigrp/ospf/bgp/etc.), the more specific route will be chosen. Say you don't have a routing protocol and you only rely on static routes. In the example above, if anyone goes to (in the range of, then it's going to choose the second route and go out If anyone tries to go anywhere else not in the subnet, then it'll go out the (first route) gateway.

If you DO have a routing protocol, then the second route will NOT be used unless the route learned from the routing protocol drops out of the table due to loss of connection etc.


If you have a bgp learned route for, it would look something like:

B [20/0] via

If you lose your connection to, then the routing table will be updated like:

S [251/0] via



HTH, John *** Please rate all useful posts ***
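
The route selection described in the reply above (most specific prefix wins, and a static with administrative distance 251 only takes over when the BGP route at distance 20 for the same prefix is gone), as an added example that is not part of the original posts. The thread's addresses are not shown on the page, so every prefix and next hop here is a constructed documentation address, and the `[AD/0]` metric is simplified to 0.

```python
import ipaddress

# Constructed candidates (documentation address space); not the thread's routes.
# Each entry: (prefix, administrative distance, source code, next hop)
CANDIDATES = [
    ("0.0.0.0/0",       1,   "S", "192.0.2.1"),    # ordinary static default route
    ("198.51.100.0/24", 251, "S", "192.0.2.254"),  # floating static, AD 251
    ("198.51.100.0/24", 20,  "B", "192.0.2.2"),    # same prefix learned via eBGP
]

def build_table(candidates):
    """Per prefix, install only the candidate with the lowest administrative distance."""
    table = {}
    for prefix, ad, source, next_hop in candidates:
        net = ipaddress.ip_network(prefix)
        best = table.get(net)
        if best is None or ad < best[0]:
            table[net] = (ad, source, next_hop)
    return table

def lookup(table, destination):
    """Longest prefix match over installed routes; None if nothing matches."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    # AD is not compared here: it only breaks ties between sources of one prefix.
    net = max(matches, key=lambda n: n.prefixlen)
    ad, source, next_hop = table[net]
    return f"{source} {net} [{ad}/0] via {next_hop}"

def withdraw(candidates, source):
    """Model losing a routing-protocol session: drop all candidates from that source."""
    return [c for c in candidates if c[2] != source]

if __name__ == "__main__":
    table = build_table(CANDIDATES)
    print(lookup(table, "198.51.100.10"))   # BGP route is installed for the /24
    print(lookup(table, "203.0.113.5"))     # everything else follows the default
    table = build_table(withdraw(CANDIDATES, "B"))
    print(lookup(table, "198.51.100.10"))   # floating static takes over
```
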
New Member

Re: vlan different


The VLAN question is that I have 2x L2 3560 sitting behind a firewall connected to my core sw (4506). Behind this firewall, the 2x L2 switches (3560) are not configured with any VLAN. It has only one network segment within it. The gw for this network segment is at the firewall connected to one of these switches. Currently there isn't any VLAN created on the L2 3560 switches (only switchport mode access, and default-gateway command configured).

My question is that, if I were to create a VLAN (e.g. vlan42) in the L2 3560 switches and assign all the sw ports (of course excluding the trunk between each sw) in there as access ports in vlan42... can the hosts in there still reach the hosts outside the firewall (currently it is working fine)?

Currently, the native VLAN for the L3 4506 is vlan10 and the L2 3560's native VLAN is 1. Does that matter in this case?

