12-28-2020 07:16 PM
Hello gentlemen,
I need help from the most experienced.
I have the following vlans configured on my core switch:
1 - Default - 192.168.1.2/24
2 - IT - 172.17.41.1/24
3 - Fin - 172.17.36.1/24
4 - My default gateway is 192.168.1.1 (my firewall).
I don't want communication between VLANs, but I need them to be able to go out to the internet through the firewall.
I have tried configuring a static route, enabling ipforwarding, and an ACL denying traffic between VLANs when ipforwarding is enabled, but still without success.
Can someone please help me?
Sorry for the mistakes, I use Google Translate.
12-28-2020 07:18 PM
Jackson,
First shot is to remove the IP addresses from the VLANs and put them on the VLAN interfaces of the firewall.
If you want more specific answers, you'll have to share a topology design.
Mig
01-04-2021 04:05 PM
Jackson,
It is indeed my best choice.
Mig
01-04-2021 04:01 PM
I would not like to give the firewall the blocking function between VLANs, but it seems to me that moving the VLAN gateways to the firewall will be the best solution.
01-04-2021 12:04 PM
Jackson,
If you want to avoid inter-VLAN routing, you must specify ACLs on the switch or on the firewall, but you will have to use them.
You could use VRFs to avoid this, but that will need one port per VRF (a much more complex setup) on the switches and the firewall, plus ACLs on the firewall.
I'm afraid I don't have many solutions meeting your wishes.
Mig
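As an added illustration of the ACL-on-the-switch option Mig describes (this is not configuration from the thread, and the thread does not name the switch vendor; the `ipforwarding` wording suggests Extreme EXOS, which is assumed here, and the policy and entry names are hypothetical), the following policy keeps the three VLAN gateways on the core switch, blocks the internal subnets from reaching each other, and still lets every host reach the internet through 192.168.1.1. Entries are evaluated top-down and the first match wins, so the explicit deny entries are matched on both source and destination; a deny on destination alone, applied ingress on a VLAN, would also drop that VLAN's own bridged traffic.

```text
# /config/no-intervlan.pol  (hypothetical policy name; create with "edit policy no-intervlan")
# Assumption: Extreme EXOS policy-file syntax, applied at ingress on each VLAN.

# Let hosts talk to the firewall's own address (DNS, DHCP relay, management).
# Remove this entry if the firewall itself must also be unreachable from the VLANs.
entry permit_firewall {
    if match all {
        destination-address 192.168.1.1/32;
    } then {
        permit;
    }
}

# IT (172.17.41.0/24) must not reach Fin or the Default VLAN.
entry deny_it_to_fin {
    if match all {
        source-address 172.17.41.0/24;
        destination-address 172.17.36.0/24;
    } then {
        deny;
        count deny_it_to_fin;
    }
}
entry deny_it_to_default {
    if match all {
        source-address 172.17.41.0/24;
        destination-address 192.168.1.0/24;
    } then {
        deny;
        count deny_it_to_default;
    }
}

# Fin (172.17.36.0/24) must not reach IT or the Default VLAN.
entry deny_fin_to_it {
    if match all {
        source-address 172.17.36.0/24;
        destination-address 172.17.41.0/24;
    } then {
        deny;
        count deny_fin_to_it;
    }
}
entry deny_fin_to_default {
    if match all {
        source-address 172.17.36.0/24;
        destination-address 192.168.1.0/24;
    } then {
        deny;
        count deny_fin_to_default;
    }
}

# Everything else, which includes internet-bound traffic whose destination is a
# public address and whose next hop is 192.168.1.1, is forwarded normally.
entry permit_rest {
    if {
    } then {
        permit;
    }
}

# EXOS CLI (assumed), run after saving the policy file:
#   configure vlan IT  ipaddress 172.17.41.1/24
#   configure vlan Fin ipaddress 172.17.36.1/24
#   enable ipforwarding vlan IT
#   enable ipforwarding vlan Fin
#   enable ipforwarding vlan Default
#   configure iproute add default 192.168.1.1
#   check policy no-intervlan
#   configure access-list no-intervlan vlan IT ingress
#   configure access-list no-intervlan vlan Fin ingress
#   show access-list counter
```

Two checks a practitioner would make before declaring this working: the firewall needs return routes for 172.17.41.0/24 and 172.17.36.0/24 pointing at 192.168.1.2 (otherwise replies from the internet never reach the switch), and `show access-list counter` should increment the `deny_*` counters when a host in IT pings a host in Fin. Traffic from the Default VLAN toward IT or Fin is not filtered by this policy; add the mirror-image entries and apply the policy ingress on Default if that direction must be blocked too.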
01-04-2021 11:36 AM
Good morning Mig,
Yes. I don't want to use ACLs. I would like the switch to do all the routing, for example:
- As I showed in the diagram, is it possible to make the IT VLAN use the default gateway 192.168.1.1?