A pair of 4506 with HSRP and VLAN routing ---> connected to a Checkpoint firewall, default route on the firewall itself to route the network at the private network out -----> (2x L2 3650 sw) private network without any VLAN configured. Only configured default-gateway on the switches themselves and management IP on VLAN 1 + trunk between these 2 switches. Will it make any difference in the private network if I were to configure a VLAN 42 there compared to no VLAN? Will the private host still be able to reach the 4506 sw by adding in VLAN 42?
I'm not sure I understand your question about vlan 42, but the static routes are another story.
Another question on static route below:
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 10.0.0.0 255.0.0.0 10.1.1.2 251
Which one will be the preferred route out?
Unless you're learning your 10.0.0.0 subnet from a routing protocol (eigrp/ospf/bgp/etc.), the more specific route will be chosen. Say you don't have a routing protocol and you only rely on static routes. In the example above, if anyone goes to 10.1.1.5 (in the range of 10.0.0.0/8), then it's going to choose the second route and go out 10.1.1.2. If anyone tries to go anywhere else not in the 10.0.0.0/8 subnet, then it'll go out the 10.1.1.1 (first route) gateway.
If you DO have a routing protocol, then the second route will NOT be used unless the route learned from the routing protocol drops out of the table due to loss of connection etc.
If you have a bgp learned route for 10.0.0.0/8, it would look something like:
B 10.0.0.0 255.255.255.0 [20/0] via 10.1.1.1
If you lose your connection to 10.1.1.1, then the routing table will be updated like:
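Added example, not part of the original replies: a small Python model of the selection described above, where the lowest administrative distance decides which route is installed for a prefix and the longest matching prefix decides forwarding. The two statics are the ones quoted in the thread; the BGP entry (eBGP, distance 20) and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed candidate routes: (prefix, next hop, administrative distance, source).
# The statics are the two quoted in the thread; the BGP entry is an assumed
# eBGP-learned 10.0.0.0/8 (AD 20) used only to show the floating static.
STATICS = [
    ("0.0.0.0/0", "10.1.1.1", 1, "static"),
    ("10.0.0.0/8", "10.1.1.2", 251, "static"),
]
BGP_10_8 = ("10.0.0.0/8", "10.1.1.1", 20, "bgp")

def build_rib(candidates):
    """Per prefix, install only the candidate with the lowest administrative distance."""
    rib = {}
    for prefix, next_hop, ad, source in candidates:
        net = ipaddress.ip_network(prefix)
        if net not in rib or ad < rib[net][1]:
            rib[net] = (next_hop, ad, source)
    return rib

def lookup(rib, dst):
    """Forwarding decision: longest matching prefix among the installed routes."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return (str(best),) + rib[best]

def shadowed(candidates):
    """Configured routes that are not installed (a floating static waiting as backup)."""
    rib = build_rib(candidates)
    return [c for c in candidates
            if rib[ipaddress.ip_network(c[0])] != (c[1], c[2], c[3])]

if __name__ == "__main__":
    cases = (("statics only", STATICS),
             ("with BGP 10.0.0.0/8", STATICS + [BGP_10_8]))
    for label, candidates in cases:
        rib = build_rib(candidates)
        print(label)
        for dst in ("10.1.1.5", "192.0.2.10"):
            print("  ", dst, "->", lookup(rib, dst))
        print("   not installed:", shadowed(candidates))
```

The same check is useful when reviewing a firewall-adjacent design: it shows which next hop traffic really takes, and which backup path it would fall to if the learned route is withdrawn.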
The VLAN question is that I've 2x L2 3560 sitting behind a firewall connected to my core sw (4506). Behind this firewall, the 2x L2 switches (3560) are not configured with any VLAN. It has only one network segment within it. The gw for this network segment is at the firewall connected to one of these switches. Currently there isn't any VLAN created on the L2 3560 switches (only switchport mode access, and default-gateway command configured).
My question is that, if I were to create a VLAN (e.g. VLAN 42) in the L2 3560 switches and assign all the sw ports (of course excluding the trunk between each sw) in there as VLAN access port VLAN 42... will the host in there still be able to reach the host outside the firewall (currently it is working fine)?
Currently, the native VLAN for the L3 4506 is VLAN 10 and the L2 3560's native VLAN is 1. Does that matter in this case?