Occasional Contributor II

intervlan routing on L3 and internet on the FW

arubsVLAN.JPG

Please, can anyone help me verify if this is correct? If this is wrong, please share any modification to configure this correctly. I need to have inter-VLAN routing on the L3 switch and get internet via the FW.

Aruba Employee

Re: intervlan routing on L3 and internet on the FW

Hi,

From the drawing I don't understand the following points:

- Why do you have subinterfaces for VLAN 100 and 80 when your default gateway for these VLANs is the switch?

- Did you configure the routes on the firewall back to the switch?

Regards, Dobias

Occasional Contributor II

Re: intervlan routing on L3 and internet on the FW

Hi, thank you for replying. By the way, for you, what is the best configuration for this if I want the routing to be done only at L3, meaning the inter-VLAN routing happens only on the switch? Do I need to create a VLAN on the FW, or is there no need?

Aruba Employee

Re: intervlan routing on L3 and internet on the FW

I don't know the exact set-up, but from this drawing, it's not needed. You will need to add routes on the FW to the subnets of the two VLANs; the next hop will be the switch. Otherwise, the FW doesn't know how to send the traffic back.

Cheers, Dobias

Occasional Contributor II

Re: intervlan routing on L3 and internet on the FW

OK, here is the scenario:

We have two VLANs, 100 and 80. Our network has a FW as the gateway for all internal network hosts, and I want the inter-VLAN routing to be done on the L3 switch. What must be done to finish my setup?

Aruba Employee

Re: intervlan routing on L3 and internet on the FW

The firewall is connected to the internet, right? When you say protect internal hosts, this probably means from the internet, correct?

From the drawing I see that internally you have the 192.168.1.1 IP address on the FW. Do you have an IP address on the switch in that subnet? This is probably placed in a different VLAN.

If so, then everything is fine: you can remove the VLANs on the FW and add routes from the FW to the subnets of VLAN 80 and 100 with the switch as next hop.

Regards, Dobias

Occasional Contributor II

Re: intervlan routing on L3 and internet on the FW

The 192.168.1.1 is the IP of port4, where I plugged in the 2930F L3 switch. The management VLAN of the L3 switch is VLAN60, which is 192.168.50.1. The concern is: if I want the inter-VLAN routing for VLAN100 and VLAN80 to be done on the L3 switch, what must be done? Or is it a best practice to do it on L3, knowing I already have a FW as my gateway device?

Aruba Employee

Re: intervlan routing on L3 and internet on the FW

Hi,

Here are the steps you need to take:

  • Remove VLAN 80/100 from the FW
  • Add a new VLAN on the switch (if not configured yet)
  • Add an IP address to this VLAN that is in the same subnet as the FW (if not configured yet)
  • Of course, untag or tag the port connected to the FW. Tag / untag depends on how the FW is configured (IEEE 802.1Q)
  • Add static routes on the FW to the subnets of VLAN 80 and VLAN 100
  • Make sure clients in both subnets get the correct default gateway IP of the switch. Either DHCP or static.

This should be it.
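
The steps in the last reply can be checked on paper before the change is made. The following Python sketch is an added example, not part of the original thread or any Aruba tool: it models the FW inside interface, the switch VLAN interfaces and the FW static routes, and reports a missing return route or a wrong client gateway. Only 192.168.1.1 comes from the thread; the masks, the switch address 192.168.1.2 and the VLAN 80/100 subnets are assumed sample values.

```python
from ipaddress import ip_address, ip_interface, ip_network

def check_design(fw_if, sw_transit, svis, fw_routes, client_gw):
    """Return a list of problems; an empty list means the listed steps hold.

    fw_if       FW inside interface, "address/prefix"
    sw_transit  switch IP on the VLAN that faces the FW
    svis        {vlan_id: switch VLAN interface "address/prefix"}
    fw_routes   [(destination network, next hop)] static routes on the FW
    client_gw   {vlan_id: default gateway given to clients (DHCP or static)}
    """
    problems = []
    fw, sw = ip_interface(fw_if), ip_address(sw_transit)
    if sw not in fw.network or sw == fw.ip:
        problems.append(f"switch IP {sw} is not a separate host in {fw.network}")
    routes = [(ip_network(dst), ip_address(nh)) for dst, nh in fw_routes]
    for vlan, svi_text in svis.items():
        svi = ip_interface(svi_text)
        # Return path: the FW picks the most specific route covering the subnet.
        covering = [r for r in routes if svi.network.subnet_of(r[0])]
        if not covering:
            problems.append(f"VLAN {vlan}: FW has no route back to {svi.network}")
        else:
            dst, nh = max(covering, key=lambda r: r[0].prefixlen)
            if nh != sw:
                problems.append(f"VLAN {vlan}: FW route {dst} uses next hop {nh}, not {sw}")
        if ip_address(client_gw[vlan]) != svi.ip:
            problems.append(f"VLAN {vlan}: clients use gateway {client_gw[vlan]}, not {svi.ip}")
    return problems

# Constructed sample values. Only 192.168.1.1 (FW port4) comes from the thread;
# the /24 masks, the switch address and both VLAN subnets are assumptions.
FW_IF = "192.168.1.1/24"
SW_TRANSIT = "192.168.1.2"
SVIS = {80: "10.0.80.1/24", 100: "10.0.100.1/24"}

GOOD = check_design(FW_IF, SW_TRANSIT, SVIS,
                    [("10.0.80.0/24", SW_TRANSIT), ("10.0.100.0/24", SW_TRANSIT)],
                    {80: "10.0.80.1", 100: "10.0.100.1"})
# VLAN 100 route missing on the FW; VLAN 80 clients still point at the FW.
BAD = check_design(FW_IF, SW_TRANSIT, SVIS,
                   [("10.0.80.0/24", SW_TRANSIT)],
                   {80: "192.168.1.1", 100: "10.0.100.1"})

if __name__ == "__main__":
    print("good:", GOOD)
    for line in BAD:
        print("bad:", line)
```

A FW that has only its default route toward the internet is reported as using the wrong next hop for the VLAN subnets, which is the "FW doesn't know how to send the traffic back" case from the earlier reply.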
