
Connect EMI 3550 Switch To Firewall

M.Vrazalic
Level 1

I am connecting a 3550 switch to the internal side of a firewall. The 3550 switch is then trunked to another switch (switch 2) through a giga port, and then switch 2 is trunked to switch 3 through a giga port (daisy chain).

There are 2 staff vlans in switch 1 and a management vlan.

Are there any examples on the internet for this kind of setup? I basically cannot get switch 1 to be a layer 3 switch and also apply access lists to it. I also always have to specify ip route 0 0 firewall inside port as the gateway of last resort and do not know how to specify ip route with the internal IPs of the vlans...


Roberto Salazar
Level 8

The switch 1 that will serve as L3 for inter-vlan will not need to be specified to route for these vlans. The switch will simply know this when it looks at its routing table and sees the other vlans as directly connected. The switch 1 serving as L3 will need a gateway of last resort pointing to the firewall, so that routes to any other destination not in your internal network, such as traffic to the Internet, will be routed and go through the firewall. The firewall will need some kind of static route back to the other vlans. That's the concept.

amit-singh
Level 8

Hi,

The first thing that you will do to make it a Layer 3 switch is to enable "IP Routing" on it, which is disabled by default.

conf t

ip routing

Now with ip routing enabled, you can define your Layer 3 VLAN SVIs and this will enable the Layer 3 communication between the vlans.

config t

int vlan x

ip address x.x.x.x y.y.y.y

You can then set a default route pointing towards the firewall.

Please see the below links:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swiprout.htm

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swacl.htm

HTH, please rate if it does.

-amit singh
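
The setup discussed in this thread, put together as one switch 1 configuration. This is an added example, not part of either reply: the VLAN IDs, names, addresses, port numbers and the ACL name STAFF-IN are all assumptions, as is the choice of a routed port toward the firewall and the policy of keeping the staff VLANs out of the management VLAN.

```cisco
! Constructed example for switch 1 (3550 EMI). All IDs, names, ports
! and addresses below are assumed values, not taken from the thread.
ip routing
!
vlan 10
 name STAFF-A
vlan 20
 name STAFF-B
vlan 99
 name MGMT
!
! Staff hosts may reach each other and the firewall, but not the
! management subnet. SVI subnets are directly connected, so no
! static routes are needed between them.
ip access-list extended STAFF-IN
 deny   ip any 10.1.99.0 0.0.0.255
 permit ip any any
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip access-group STAFF-IN in
!
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
 ip access-group STAFF-IN in
!
interface Vlan99
 ip address 10.1.99.1 255.255.255.0
!
! Routed link to the firewall inside interface (assumed 10.1.0.1)
interface FastEthernet0/1
 no switchport
 ip address 10.1.0.2 255.255.255.252
!
! Gateway of last resort: the next hop is the firewall's inside IP
ip route 0.0.0.0 0.0.0.0 10.1.0.1
!
! Trunk to switch 2, carrying only the VLANs in use
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99
!
! On the firewall (syntax depends on the model): static routes for
! 10.1.10.0/24, 10.1.20.0/24 and 10.1.99.0/24 via 10.1.0.2.
```

After applying it, `show ip route` on switch 1 should list the three VLAN subnets as connected and the default route via the firewall, and `show access-lists STAFF-IN` shows hit counts for the deny entry.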