This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Vlan routing

Vlan routing

Go to solution
jacksonvld
New Contributor

‎12-28-2020 07:16 PM

Hello gentlemen,
I need help from the most experienced.
I have the following vlans configured on my core switch:
1 - Default - 192.168.1.2/24
2 - IT - 172.17.41.1/24
3 - Fin - 172.17.36.1/24
4 - My Default gateway is 192.168.1.1 (My Firewall).

I don't want communication between vlans, but I need them to be able to go out to the internet, going through the firewall.

 

I have tried to configure static route, enable ipforwarding, ACL denying traffic between vlans when ipforwarding is enabled, but still without success.

Can someone please help me?

 

 

Sorry for the mistakes I use google translate.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Miguel-Angel_RO
Valued Contributor II

‎12-28-2020 07:18 PM

Jackson,

First shot is to remove the ipaddress from the vlans and put them on the vlan interface of the firewall.

If you want more specific answers you’ll have to share a topology design.

Mig

View solution in original post

0 Kudos
10 REPLIES 10

Go to solution
jacksonvld
New Contributor

‎12-28-2020 07:17 PM

XCM8810.1 # sh config "vlan"
#
# Module vlan configuration.

#
configure vlan default delete ports all
configure vr VR-Default delete ports 1:1-48
configure vr VR-Default add ports 1:1-48
configure vlan default delete ports 1:1, 1:36, 1:41
create vlan "Fin"
configure vlan Fin tag 36
configure vlan Fin protocol IP
create vlan "TI"
configure vlan TI tag 41
configure vlan Default add ports 1:1 tagged
configure vlan Default add ports 1:2-35, 1:37-40, 1:42-48 untagged
configure vlan Fin add ports 1:36 untagged
configure vlan TI add ports 1:41 untagged
configure vlan Default ipaddress 192.168.1.2 255.255.255.0
configure vlan TI ipaddress 172.17.41.2 255.255.255.0
configure vlan Fin ipaddress 172.17.36.2 255.255.255.0

XCM8810.2 # sh iproute
Ori  Destination        Gateway         Mtr  Flags        VLAN       Duration
#s   Default Route      192.168.1.1     1    UG---S-um--f Default    0d:0h:8m:37s
 d   172.17.36.0/24     172.17.36.2     1    -------um--- Fin        0d:0h:8m:37s
#d   172.17.41.0/24     172.17.41.2     1    U------um--f TI         0d:0h:8m:37s
#d   192.168.1.0/24     192.168.1.2     1    U------um--f Default    0d:0h:8m:37s

0 Kudos
GTM-P2G8KFN