https://community.extremenetworks.com/t5/network-architecture-design/how-to-connect-firewall-to-layer-3-to-layer-2-switch/m-p/13784#M1188 Hello , 2 possibilities:<BR /> 1 : IPF not enable on vlan default ( but the core replying from firewall .... strange )<BR /> 2: Very basic , but 4 eyes better than 2.... check if the ping is not blocked on the Firewall interface , it's usually the case in most of time ) Mon, 02 Apr 2018 16:09:00 GMT Choukri_BELHADJ 2018-04-02T16:09:00Z https://community.extremenetworks.com/t5/network-architecture-design/how-to-connect-firewall-to-layer-3-to-layer-2-switch/m-p/13781#M1185 in our environment we are using x460 layer3 switch its connected to firewall <BR /> <BR /> firewall--&gt;coreswitch is pinging<BR /> <BR /> core--&gt; layer 2 switch--&gt; not pinging firewall ip, and vlan ip<BR /> <BR /> firewall IP: X.X.10.200/24<BR /> <BR /> X460 configuration<BR /> <BR /> sh con<BR /> X460G2-24t-G4.86 # sh configuration <BR /> <BR /> #<BR /> # Module devmgr configuration.<BR /> #<BR /> configure sys-recovery-level switch reset<BR /> <BR /> #<BR /> # Module vlan configuration.<BR /> #<BR /> configure vlan default delete ports all<BR /> configure vr VR-Default delete ports 1-34<BR /> configure vr VR-Default add ports 1-34<BR /> configure vlan default delete ports 7<BR /> create vlan "one<BR /> configure vlan one tag 13<BR /> create vlan "two"<BR /> configure vlan "two" tag 14<BR /> configure ports 33 auto off speed 10000 duplex full <BR /> configure ports 34 auto off speed 10000 duplex full <BR /> configure vlan Default add ports 1-6, 8-34 untagged <BR /> onfigure vlan one add ports 16-24 tagged <BR /> configure vlan one add ports 7 untagged <BR /> configure vlan Default ipaddress X.X.10.201 255.255.255.0<BR /> configure vlan one ipaddress X.X.13.200 255.255.255.0<BR /> enable ipforwarding vlan one<BR /> configure vlan two ipaddress X.X.14.200 255.255.255.0<BR /> enable ipforwarding vlan two<BR /> <BR /> #<BR /> # Module fdb configuration.<BR /> #<BR /> <BR /> #<BR /> # Module rtmgr configuration.<BR /> #<BR /> configure iproute add X.X..13.0 255.255.255.0 X.X.10.200<BR /> configure iproute add default X.X.10.200<BR /> <BR /> #<BR /> # Module mcmgr configuration.<BR /> #<BR /> <BR /> #<BR /> # Module aaa configuration.<BR /> #<BR /> <BR /> #<BR /> # Module acl configuration.<BR /> #<BR /> <BR /> layer 2 210 switch<BR /> <BR /> configuration<BR /> <BR /> network protocol none<BR /> <BR /> network parms X.X.10.206 X.X.X.X.0 X.X.10.201<BR /> <BR /> vlan database<BR /> <BR /> vlan 13-14<BR /> <BR /> vlan name 13 "one"<BR /> <BR /> vlan name 14 "two"<BR /> <BR /> vlan routing 13 1<BR /> <BR /> vlan routing 14 2<BR /> <BR /> vlan routing 1 3<BR /> <BR /> exit<BR /> <BR /> Sun, 01 Apr 2018 17:20:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/how-to-connect-firewall-to-layer-3-to-layer-2-switch/m-p/13781#M1185 Abdul_Farooq 2018-04-01T17:20:00Z https://community.extremenetworks.com/t5/network-architecture-design/how-to-connect-firewall-to-layer-3-to-layer-2-switch/m-p/13782#M1186 interface 0/1<BR /> <BR /> switchport access vlan 13<BR /> <BR /> exit<BR /> <BR /> interface 0/2<BR /> <BR /> switchport access vlan 13<BR /> <BR /> exit<BR /> <BR /> --More-- or (q)uit<BR /> <BR /> <BR /> interface 0/3<BR /> <BR /> switchport access vlan 13<BR /> <BR /> exit<BR /> <BR /> interface 0/4<BR /> <BR /> switchport access vlan 13<BR /> <BR /> exit<BR /> <BR /> interface 0/5<BR /> <BR /> switchport access vlan 13<BR /> <BR /> exit<BR /> <BR /> interface 0/10<BR /> <BR /> switchport mode trunk<BR /> <BR /> exit<BR /> <BR /> Sun, 01 Apr 2018 17:24:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/how-to-connect-firewall-to-layer-3-to-layer-2-switch/m-p/13782#M1186 Abdul_Farooq 2018-04-01T17:24:00Z https://community.extremenetworks.com/t5/network-architecture-design/how-to-connect-firewall-to-layer-3-to-layer-2-switch/m-p/13783#M1187 Hi, I don't see the enable ipf vlan default. Sun, 01 Apr 2018 19:43:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/how-to-connect-firewall-to-layer-3-to-layer-2-switch/m-p/13783#M1187 Stephane_Grosj1 2018-04-01T19:43:00Z https://community.extremenetworks.com/t5/network-architecture-design/how-to-connect-firewall-to-layer-3-to-layer-2-switch/m-p/13784#M1188 Hello , 2 possibilities:<BR /> 1 : IPF not enable on vlan default ( but the core replying from firewall .... strange )<BR /> 2: Very basic , but 4 eyes better than 2.... check if the ping is not blocked on the Firewall interface , it's usually the case in most of time ) Mon, 02 Apr 2018 16:09:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/how-to-connect-firewall-to-layer-3-to-layer-2-switch/m-p/13784#M1188 Choukri_BELHADJ 2018-04-02T16:09:00Z https://community.extremenetworks.com/t5/network-architecture-design/how-to-connect-firewall-to-layer-3-to-layer-2-switch/m-p/13785#M1189 yes, and firewall lan port is connected to 24th port . 24th port is tagged port. <BR /> <BR /> it is correct are can i change that port to untagged port Mon, 02 Apr 2018 16:16:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/how-to-connect-firewall-to-layer-3-to-layer-2-switch/m-p/13785#M1189 Abdul_Farooq 2018-04-02T16:16:00Z