Alternative method to using IP Forwarding?

Derek_Mayberry
New Contributor
We have an Extreme switch that has the following vlans.

vlan1 switch interface is 192.168.10.4/24
vlan2 switch interface is 192.168.50.240/22 (so hosts are 48.0 through 51.255)

vlan1 has ipforwarding enabled but vlan2 does not.

We need hosts that are on vlan2 to communicate with hosts on vlan1 and vice versa. The main problem is that we understand we can solve this by enabling ipforwarding on vlan2, but we don't want to do this if there is any other possible way. The point of vlans is segregation, and we would just be removing that if we had ipforwarding enabled on both, wouldn't we?

Is there any other possible method to get traffic between even just a couple of hosts from each vlan to talk? Maybe something more limited and more secure than the broad brush of ipforwarding?

6 REPLIES

Erik_Auerswald
Contributor II
If you are fine with slow performance communication between a few specific end systems in each of the VLANs, you can use a firewall to route and filter between them. A switch is designed to allow line rate forwarding between end systems, and can do some filtering as well. A firewall is designed to filter traffic, and do some forwarding as well.

davidj_cogliane
Contributor
Correct, broadcast would still be separate. The downside, like the upside, is that you then route traffic from one vlan to the other. But if you want to get from one to the other you have no choice. An ACL to only allow certain traffic might be your best bet to keep things locked down.

Derek_Mayberry
New Contributor
It is government. But let me make sure I understand... If I enable ipforwarding between these two vlans, there is no downside to doing that? We still have separate broadcast traffic for them etc.

davidj_cogliane
Contributor
Turning ipforwarding on would not impact your multicast segregation, which is half the battle. Why is security such a concern? Is it industry or government related? Perhaps you could do something with static routes. Or enable ipforwarding, then lock it down with an ACL.
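To make the "enable ipforwarding, then lock it down with an ACL" approach concrete, here is an added example in ExtremeXOS policy-file syntax. It is not from this thread or from Extreme's documentation. It assumes two hypothetical hosts, 192.168.49.10 on vlan2 and 192.168.10.20 on vlan1, that only need HTTPS (TCP/443) from the vlan2 host to the vlan1 host; the policy names v2_to_v1 and v1_to_v2 are also assumed, and the two policy files are shown one after the other with the CLI steps as comments. Two things matter here: EXOS ACLs are stateless, so the reply direction has to be permitted on the other VLAN's ingress, and an EXOS policy that matches nothing permits the packet by default, so the cross-subnet deny must be written explicitly.

```exos
# Policy file v2_to_v1.pol, applied on vlan2 ingress.
# Entries are evaluated top-down; the first match wins.
# Hypothetical hosts: 192.168.49.10 (vlan2) and 192.168.10.20 (vlan1).

entry v2_https_to_v1 {
    if {
        source-address 192.168.49.10/32;
        destination-address 192.168.10.20/32;
        protocol tcp;
        destination-port 443;
    } then {
        permit;
        count v2_https_to_v1;
    }
}

# Everything else from the vlan2 subnet towards the vlan1 subnet is dropped.
# Without this entry the policy would fall through to the implicit permit.
entry v2_deny_v1 {
    if {
        source-address 192.168.48.0/22;
        destination-address 192.168.10.0/24;
    } then {
        deny;
        count v2_deny_v1;
    }
}
# No catch-all entry: traffic to any other destination still falls
# through to the implicit permit, so vlan2 keeps whatever else it had.

# Policy file v1_to_v2.pol, applied on vlan1 ingress: permit only the
# HTTPS replies, then drop the rest of vlan1 -> vlan2.
entry v1_https_reply_to_v2 {
    if {
        source-address 192.168.10.20/32;
        destination-address 192.168.49.10/32;
        protocol tcp;
        source-port 443;
    } then {
        permit;
    }
}

entry v1_deny_v2 {
    if {
        source-address 192.168.10.0/24;
        destination-address 192.168.48.0/22;
    } then {
        deny;
    }
}

# EXOS CLI, entered on the switch (shown here as comments):
#   check policy v2_to_v1
#   check policy v1_to_v2
#   enable ipforwarding vlan vlan2
#   configure access-list v2_to_v1 vlan vlan2 ingress
#   configure access-list v1_to_v2 vlan vlan1 ingress
```

The reply rule is the weak spot of a stateless ACL: it admits any packet from 192.168.10.20 to 192.168.49.10 whose source port is 443, whether or not it belongs to a connection the vlan2 host opened, so the vlan1 host could still reach any port on the vlan2 host from that source port. That is exactly the gap a stateful firewall between the two VLANs, as suggested earlier in the thread, would close. Note also that the vlan2 deny covers the switch's own vlan1 address 192.168.10.4, so vlan2 hosts lose any management access they had to it through that address; add a permit entry above the deny if that is needed.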