Cisco Support Community
New Member

vlan different

Hi! If I have a network setup with

a pair of 4506 with HSRP and VLAN routing ---> connected to a Checkpoint firewall, default route on the firewall itself to route the network at the private network out -----> (2x L2 3650 sw) private network without any VLAN configured. Only default-gateway is configured on the switches themselves, and management IP on VLAN 1 + trunk between these 2 switches. Will it make any difference in the private network if I were to configure a VLAN 42 there compared to no VLAN? Will the private host still be able to reach the 4506 sw by adding in vlan42?

Another question on static route below

ip route 0.0.0.0 0.0.0.0 10.1.1.1

ip route 10.0.0.0 255.0.0.0 10.1.1.2 251

Which one will be the preferred route out?

thx

2 REPLIES

Re: vlan different

I'm not sure I understand your question about vlan 42, but the static routes are another story.

Another question on static route below

ip route 0.0.0.0 0.0.0.0 10.1.1.1

ip route 10.0.0.0 255.0.0.0 10.1.1.2 251

Which one will be the preferred route out?

Unless you're learning your 10.0.0.0 subnet from a routing protocol (eigrp/ospf/bgp/etc.), the more specific route will be chosen. Say you don't have a routing protocol and you only rely on static routes. In the example above, if anyone goes to 10.1.1.5 (in the range of 10.0.0.0/8), then it's going to choose the second route and go out 10.1.1.2. If anyone tries to go anywhere else not in the 10.0.0.0/8 subnet, then it'll go out the 10.1.1.1 (first route) gateway.

If you DO have a routing protocol, then the second route will NOT be used unless the route learned from the routing protocol drops out of the table due to loss of connection etc.

Example:

If you have a bgp learned route for 10.0.0.0/8, it would look something like:

B 10.0.0.0 255.255.255.0 [20/0] via 10.1.1.1

If you lose your connection to 10.1.1.1, then the routing table will be updated like:

S 10.0.0.0 255.0.0.0 [251/0] via 10.1.1.2

HTH,

John

** Please rate helpful posts **
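The route selection described in the reply above, as an added example that is not part of the original thread: per prefix, the candidate with the lowest administrative distance is installed, and forwarding then uses the longest installed prefix that matches. The function names are hypothetical, and the BGP candidate is assumed to be 10.0.0.0/8 with distance 20 via 10.1.1.1, following the reply's prose.

```python
import ipaddress

# Candidate routes from the thread: (prefix, next hop, administrative distance, source).
# Static routes default to distance 1 on IOS; 251 is the value given in the post.
STATIC = [
    ("0.0.0.0/0", "10.1.1.1", 1, "static"),
    ("10.0.0.0/8", "10.1.1.2", 251, "static"),
]
# Assumed for illustration: the eBGP-learned 10.0.0.0/8 (distance 20) from the reply.
BGP = [("10.0.0.0/8", "10.1.1.1", 20, "bgp")]


def build_table(candidates):
    """Per prefix, install only the candidate with the lowest administrative distance."""
    table = {}
    for prefix, next_hop, distance, source in candidates:
        net = ipaddress.ip_network(prefix)
        best = table.get(net)
        if best is None or distance < best[1]:
            table[net] = (next_hop, distance, source)
    return table


def lookup(table, destination):
    """Forward on the longest installed prefix that contains the destination."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    net = max(matches, key=lambda n: n.prefixlen)
    return (str(net),) + table[net]


if __name__ == "__main__":
    for label, candidates in (("static only", STATIC), ("static + BGP", STATIC + BGP)):
        table = build_table(candidates)
        for dst in ("10.1.1.5", "192.0.2.10"):
            print(label, dst, lookup(table, dst))
```

With only the two static routes, the distance of 251 never comes into play because the two prefixes differ; it matters only when another source offers the same 10.0.0.0/8 prefix.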

New Member

Re: vlan different

Hi!

The VLAN question is that I have 2x L2 3560 sitting behind a firewall connected to my core sw (4506). Behind this firewall, the 2x L2 switches (3560) are not configured with any VLAN. It has only one network segment within it. The gw for this network segment is at the firewall connected to one of these switches. Currently there isn't any VLAN created on the L2 3560 switches (only switchport mode access and the default-gateway command configured).

My question is: if I were to create a VLAN (e.g. vlan42) on the L2 3560 switches and assign all the sw ports (of course excluding the trunk between each sw) to it as access ports in vlan42, will the host in there still be able to reach the host outside the firewall (currently it is working fine)?

Currently, the native VLAN for the L3 4506 is vlan10 and the L2 3560's native VLAN is 1. Does that matter in this case?

thx
