Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
535
Views
5
Helpful
3
Replies

L3 switch VLAN and routing

bapatsubodh
Level 1
Level 1

‎10-30-2009 08:38 AM - edited ‎03-04-2019 06:33 AM

Hi,

We have L3 switch with VLAN 10,20, and 30. There are no interfcaes for VLAN 20 and 30 on this L3 switch. But interfces are created with IP addresses. Other L2 switches are connected by trunk to this L3 switch. On L3 switch there are interfaces only with VLAN 10. One interface connectd in VLAN 10 is firewall. Hosts in VLAN 20 and 30 have their default gateway as L3 switch VLAN interface. Devices from VLAN 20 and VLAN 30 can communicate with eachn other - inter VLAN routing is working. Now we need to forward traffic to firewall from L3 switch which belongs to internet and not VLAN 20 and 30.

So the interface connected to firewall which is memeber of VLAN 10 group need to be in trunk ?

In my opinion when L3 switch is forwarding the frame to firewall it will remove the VLAN-tag-id from frame and will forward that frame to firewall as if the firewall is next hop router. ( It will send a untagged frame to firewall then firewall will NAT-PAT and will send it to internet, also firewall will have reverse route for VLAN 20 and VLAN 30 subnet ).

Please share the experience.

Thanks in advance.

Subodh

Labels:
0 Helpful
3 Replies 3

Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎10-30-2009 09:42 AM

Subodh,

It's not easy to do so. (J/K)

- You have an IP address assigned to the Firewall. The firewall has been connected to the interface on the L3 switch with the access port of vlan 10.

- Create a default route pointing to the IP address of the Firewall.

Edit: What you thought is right. Untagged frames will be sent to the firewall. You just have to make sure that there is a route to forward packets out to the firewall. However, If I were you, I will design a new network to connect to the firewall. I properly use a routed port to do so. No need to send any broadcast traffic from vlan 10 to it. If the interface on the firewall is the routed port, I don't see any reason to send BPDUs to it. That's why I'd better create a new network to connect them together and use a routed port on L3 Switch.

Hopes I help you some.

Toshi

bapatsubodh
Level 1
Level 1
In response to Thotsaphon Lueangwattanaphong

‎10-30-2009 09:49 AM

hi,

Got it.

I need to put one default route in L3 switch

Ip route 0.0.0.0 0.0.0.0 Firewall_Inside_Ip.

Is that correct.

Thanks

subodh

0 Helpful

Thotsaphon Lueangwattanaphong
Level 7
Level 7
In response to bapatsubodh

‎10-30-2009 09:50 AM

Subodh,

Yep, Try it.(grin)

P.S. Don't forget to tell the firewall to route packets from vlan20,30 back to the place they were born. heheh.

HTH,

Toshi

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card