This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Questions about vlan routing

Questions about vlan routing

jacksonvld
New Contributor

‎12-28-2020 03:31 PM

Hello gentlemen,
I need help from the most experienced.
I have the following vlans configured on my core switch:
1 - Default - 192.168.1.2/24
2 - IT - 172.17.31.1/24
3 - Fin - 172.17.26.1/24
4 - My Default gateway is 192.168.1.1 (My Firewall).

I don't want communication between vlans, but I need them to be able to go out to the internet, going through the firewall.

 

I have tried to configure static route, enable ipforwarding, ACL denying traffic between vlans when ipforwarding is enabled, but still without success.

Can someone please help me?

 

 

Sorry for the mistakes I use google translate.

0 Kudos
2 REPLIES 2

jacksonvld
New Contributor

‎12-28-2020 05:49 PM

They not able to access the internet.
I need to avoid communication between IT and Fin vlans, but they must be able to go out to the internet.

I deleted all the acls. It didn't seem like a good solution. I believe that the solution is routing.

 

XCM8810.1 # sh config "vlan"
#
# Module vlan configuration.

#
configure vlan default delete ports all
configure vr VR-Default delete ports 1:1-48
configure vr VR-Default add ports 1:1-48
configure vlan default delete ports 1:1, 1:36, 1:41
create vlan "Fin"
configure vlan Fin tag 36
configure vlan Fin protocol IP
create vlan "TI"
configure vlan TI tag 41
configure vlan Default add ports 1:1 tagged
configure vlan Default add ports 1:2-35, 1:37-40, 1:42-48 untagged
configure vlan Fin add ports 1:36 untagged
configure vlan TI add ports 1:41 untagged
configure vlan Default ipaddress 192.168.1.2 255.255.255.0
configure vlan TI ipaddress 172.17.41.2 255.255.255.0
configure vlan Fin ipaddress 172.17.36.2 255.255.255.0

XCM8810.2 # sh iproute
Ori  Destination        Gateway         Mtr  Flags        VLAN       Duration
#s   Default Route      192.168.1.1     1    UG---S-um--f Default    0d:0h:8m:37s
 d   172.17.36.0/24     172.17.36.2     1    -------um--- Fin        0d:0h:8m:37s
#d   172.17.41.0/24     172.17.41.2     1    U------um--f TI         0d:0h:8m:37s
#d   192.168.1.0/24     192.168.1.2     1    U------um--f Default    0d:0h:8m:37s

0 Kudos

Stefan_K_
Valued Contributor

‎12-28-2020 04:25 PM

Greetings,

What exactly is without success? Are they not able to access the internet? Or are they able to access the internet but also the other vlans?

Can you share the relevant parts of

show config vlan
show iproute

and also your ACLs and how you applied them.

0 Kudos
GTM-P2G8KFN