09-11-2010 10:09 PM - edited 03-04-2019 09:44 AM
Dear all,
I have a three Routers that connect to a three VLANs.
Router A connect to VLAN2
Router B connect to VLAN3
Router C connect to VLAN4
Router A, Router B and Router C is configured with a static route and thery are supplied by the third party
We can not change the setting to EIGRP
The traffice of VLAN2,VLAN3 AND VLAN4 are passed to VLAN5
VLAN5 are connected to a firewall.
(Please take a look for the attachement)
How can I set the switch?
Thank you
Solved! Go to Solution.
09-12-2010 06:23 AM
Hello,
If you do not have a default gateway, you cannot communicate with anybody.
That network will be isolated. You need to give a default gateway so that
the router can communicate with other devices.
With regard to the second question, you can configure access-list on the
switch to block communication between the banks.
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 permit ip any any
interface vlan 1
ip access-group 101 in
exit
interface vlan 2
ip access-group 102 in
exit
interface vlan 3
ip access-group 103 in
exit
Regards,
NT
09-12-2010 12:24 AM
Hello,
If you cannot run any routing protocol, please configure the switch for
basic routing:
interface vlan 2
ip address 192.168.1.1 255.255.255.0
exit
interface vlan 3
ip address 192.168.2.1 255.255.255.0
exit
interface vlan 4
ip address 192.168.3.1 255.255.255.0
exit
interface vlan 5
ip address 192.168.55.2 255.255.255.0
exit
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.55.1 (Firewall IP)
On Router A:
ip route 0.0.0.0 0.0.0.0 192.168.1.1
On Router B:
ip route 0.0.0.0 0.0.0.0 192.168.2.1
On Router C:
ip route 0.0.0.0 0.0.0.0 192.168.3.1
On the Firewall:
route inside 192.168.0.0 255.255.0.0 192.168.55.2
Hope this helps.
Regards,
NT
09-12-2010 12:58 AM
Dear NT,
Thank you for your reply. but Router A,Router B,Router C were supplied by third party. I can NOT log into Router to do the setting.
So, the static route can NOT add to Router A
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 0.0.0.0 0.0.0.0 192.168.3.1
May I use redistribute a static route to an interface technolog?
And How to set them?
Thank you
09-12-2010 05:38 AM
Hello,
Are those routers running any other routing protocols? Can you tell us what
the purpose of this setup is? How exactly the traffic flows? Are those
routers signify 3 ISP connections?
Regards,
NT
09-12-2010 05:52 AM
Hi,
Thank you for your reply. These routers are connect to bank ( There are a leased line connected)
For security reason. I don't know these router's configuration. They just told us a set of IP address.
I asked the bank to change the configuration and they said no.
Actually, I can connect these router to my firewall directly. but if the connection increased, I need to increase the port of firewall.
So I want them to connect to switch (with L3) and the traffic pass to VLAN5, VLAN5 connect to firewall
Thank you
09-12-2010 05:56 AM
Hello,
Do you know the IP address of the routers and their default gateway
information?
Regards,
NT
09-12-2010 05:59 AM
Hi,
thank you for your reply
Yes, I know the IP address and default gateway of the routers
thank you
09-12-2010 06:07 AM
Hello,
In that case, you can configure the switch interface to be the IP of the
router default gateway. For example, if the Router A has a default gateway
of 192.168.1.100, then, on the switch:
interface vlan 1
ip address 192.168.1.100 255.255.255.0
exit
This way, the router sends all the traffic to your switch and then switch
can route the traffic to the PIX via vlan 5.
Regards,
NT
09-12-2010 06:17 AM
Hi,
thank you for your reply very much.
(1) in my memory, one of router seems not give the default way, how can I set for this case?
(2) VLAN 2,VLAN3 and VLAN4 can NOT communicated each other for security reason. how can I set it?
Thank you
09-12-2010 06:23 AM
Hello,
If you do not have a default gateway, you cannot communicate with anybody.
That network will be isolated. You need to give a default gateway so that
the router can communicate with other devices.
With regard to the second question, you can configure access-list on the
switch to block communication between the banks.
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 permit ip any any
interface vlan 1
ip access-group 101 in
exit
interface vlan 2
ip access-group 102 in
exit
interface vlan 3
ip access-group 103 in
exit
Regards,
NT
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: