
static routing and switch vlan

csccomthb
Level 1

Dear all,

I have three routers that connect to three VLANs.

Router A connects to VLAN2

Router B connects to VLAN3

Router C connects to VLAN4

Router A, Router B and Router C are configured with a static route and they are supplied by a third party.

We cannot change the setting to EIGRP.

The traffic of VLAN2, VLAN3 and VLAN4 is passed to VLAN5.

VLAN5 is connected to a firewall.

(Please take a look at the attachment)

How can I set the switch?

Thank you


Nagaraja Thanthry
Cisco Employee

Hello,

If you cannot run any routing protocol, please configure the switch for basic routing:

interface vlan 2
 ip address 192.168.1.1 255.255.255.0
 exit
interface vlan 3
 ip address 192.168.2.1 255.255.255.0
 exit
interface vlan 4
 ip address 192.168.3.1 255.255.255.0
 exit
interface vlan 5
 ip address 192.168.55.2 255.255.255.0
 exit
ip routing
! 192.168.55.1 is the firewall IP
ip route 0.0.0.0 0.0.0.0 192.168.55.1

On Router A:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

On Router B:

ip route 0.0.0.0 0.0.0.0 192.168.2.1

On Router C:

ip route 0.0.0.0 0.0.0.0 192.168.3.1

On the Firewall:

route inside 192.168.0.0 255.255.0.0 192.168.55.2

Hope this helps.

Regards,

NT

Dear NT,

Thank you for your reply, but Router A, Router B and Router C were supplied by a third party. I can NOT log into the routers to do the setting.

So the static routes can NOT be added to the routers:

ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 0.0.0.0 0.0.0.0 192.168.3.1

May I use the "redistribute a static route to an interface" technology?

And how do I set them?

Thank you

Hello,

Are those routers running any other routing protocols? Can you tell us what the purpose of this setup is? How exactly does the traffic flow? Do those routers signify 3 ISP connections?

Regards,

NT

Hi,

Thank you for your reply. These routers are connected to the bank (there is a leased line connected).

For security reasons, I don't know these routers' configuration. They just told us a set of IP addresses.

I asked the bank to change the configuration and they said no.

Actually, I can connect these routers to my firewall directly, but if the connections increase, I need to increase the ports of the firewall.

So I want them to connect to a switch (with L3), with the traffic passing to VLAN5 and VLAN5 connecting to the firewall.

Thank you

Hello,

Do you know the IP address of the routers and their default gateway information?

Regards,

NT

Hi,

Thank you for your reply.

Yes, I know the IP address and default gateway of the routers.

Thank you

Hello,

In that case, you can configure the switch interface to be the IP of the router default gateway. For example, if Router A has a default gateway of 192.168.1.100, then, on the switch:

! Router A is on VLAN 2 in this thread
interface vlan 2
 ip address 192.168.1.100 255.255.255.0
 exit

This way, the router sends all the traffic to your switch and then the switch can route the traffic to the PIX via vlan 5.

Regards,

NT

Hi,

Thank you very much for your reply.

(1) As I remember, one of the routers does not seem to give a default gateway. How can I set it for this case?

(2) VLAN2, VLAN3 and VLAN4 can NOT communicate with each other for security reasons. How can I set it?

Thank you

Hello,

If you do not have a default gateway, you cannot communicate with anybody. That network will be isolated. You need to give a default gateway so that the router can communicate with other devices.

With regard to the second question, you can configure an access-list on the switch to block communication between the banks.

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 permit ip any any
! Each ACL goes inbound on the VLAN that carries its source subnet, using the
! addressing from earlier in the thread: 192.168.1.0/24 on VLAN 2,
! 192.168.2.0/24 on VLAN 3, 192.168.3.0/24 on VLAN 4
interface vlan 2
 ip access-group 101 in
 exit
interface vlan 3
 ip access-group 102 in
 exit
interface vlan 4
 ip access-group 103 in
 exit

Regards,

NT
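
A check of the access lists in the reply above, as an added example that is not part of the original thread: it evaluates the posted ACL lines with IOS first-match and wildcard-mask semantics and reports the verdict for each bank-to-bank and bank-to-firewall flow. The host addresses and all function names are constructed for this example; the firewall address is the one given earlier in the thread.

```python
import ipaddress

# ACL lines copied from the reply above (IOS extended ACLs, wildcard masks).
ACL_TEXT = """\
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 permit ip any any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acls(text):
    """Return {acl_number: [(action, src_spec, dst_spec), ...]} in config order."""
    acls = {}
    for line in text.splitlines():
        # "any" is shorthand for address 0.0.0.0 with wildcard 255.255.255.255
        tok = line.replace(" any", " 0.0.0.0 255.255.255.255").split()
        if len(tok) == 8 and tok[0] == "access-list" and tok[3] == "ip":
            src, dst = (to_int(tok[4]), to_int(tok[5])), (to_int(tok[6]), to_int(tok[7]))
            acls.setdefault(tok[1], []).append((tok[2], src, dst))
    return acls

def matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
    return (to_int(addr) & care) == (base & care)

def evaluate(acls, number, src, dst):
    """First matching entry wins; a configured ACL ends in an implicit deny."""
    for action, src_spec, dst_spec in acls[number]:
        if matches(src, src_spec) and matches(dst, dst_spec):
            return action
    return "deny"

# Constructed sample hosts, one per bank subnet, mapped to that VLAN's inbound ACL.
HOSTS = {"192.168.1.10": "101", "192.168.2.10": "102", "192.168.3.10": "103"}
FIREWALL = "192.168.55.1"

def isolation_report(acls):
    """Verdict for every bank-to-bank and bank-to-firewall flow."""
    return {(s, d): evaluate(acls, n, s, d)
            for s, n in HOSTS.items() for d in list(HOSTS) + [FIREWALL] if d != s}
```

Because each deny entry matches on the source /24, a packet arriving on a bank VLAN with a source address outside that /24 (for example a network routed behind the bank's router) falls through to `permit ip any any`; `evaluate(acls, "101", "10.0.0.5", "192.168.2.10")` shows this.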
