Connection to the net behind InterVlan routing

ddicky · ‎05-14-2003

My planning network

Switch(WS-3550-SMI) VLAN 1(192.168.1.1)&VLAN2(192.168.2.1) ---inside(192.168.1.10)PIX(10.10.10.1)outside-----(10.10.10.2)router---Internet.

My switch will do the intervlan routing.Both segments is able to communicate to each other.

My question is how should I configured inorder for all my workstations to access internet on both segments.

Which IP gateway should use on workstation on both segments?

rwiesmann · ‎05-14-2003

Hi

Best is to have the 3550 as you Gateway for each VLAN. So that mean's

for host on VLAN 1 it's 192.168.1.1 and for host on VLAN 2 it's 192.168.2.1.

You also have to implement a Default Route on the 3550 towards the PIX like

ip route 0.0.0.0 0.0.0.0 192.168.1.10 ==> on 3550

On the PIX you have to route your internal networks, in this case only the

192.168.1.0 Network.

This way you only can create new VLAN's and just add a route on the PIX for the network.

Hope that helps

Roger

MUHAMMAD SHAHEEN · ‎05-14-2003

I totally agree with this. Just to add on 2 x C3550 switches. Both should run as VTP server hence VLANs are backed up. If you can get C2550 - EMI, you can run HSRP and that address will be your default gateway. If you have 2 router one router to one switch and the other to second switch. In case if 1 switch fails your network will not fail. Your network is reliable, your VLANs are present and your job is secure. By having only 1 VTP server switch can be a single point failure.

Thanks

ddicky · ‎05-15-2003

I am getting the idea.

Should I put in this command in the PIX as you metioned

route outside 0.0.0.0 0.0.0.0 10.10.10.2.

Anymore routing command required on the router,PIX and switch

Pls advise.