Extreme Networks

jacksonvld · ‎12-28-2020

Hello gentlemen,
I need help from the most experienced.
I have the following vlans configured on my core switch:
1 - Default - 192.168.1.2/24
2 - IT - 172.17.41.1/24
3 - Fin - 172.17.36.1/24
4 - My Default gateway is 192.168.1.1 (My Firewall).

I don't want communication between vlans, but I need them to be able to go out to the internet, going through the firewall.

I have tried to configure static route, enable ipforwarding, ACL denying traffic between vlans when ipforwarding is enabled, but still without success.

Can someone please help me?

Sorry for the mistakes I use google translate.

Miguel-Angel_RO · ‎12-28-2020

Jackson,

First shot is to remove the ipaddress from the vlans and put them on the vlan interface of the firewall.

If you want more specific answers you’ll have to share a topology design.

Mig

View solution in original post

Miguel-Angel_RO · ‎01-04-2021

Jackson,

It is indeed my best choice.

Mig

jacksonvld · ‎01-04-2021

I would not like to give the firewall the blocking function between vlans, but it seems to me that moving the vlan gateway to the firewall will be the best solution.

Miguel-Angel_RO · ‎01-04-2021

Jackson,

If you want to avoid inter-vlan routing, you must specify ACLs in the switch or in the firewall but you’ll have to use them.

You could use VRFs to avoid this but this will need one port per VRF (much complex setup) on the switches and the firewall and ACLs on the firewall.

I’m afraid I don’t have a lot of solution meeting your wishes.

Mig

jacksonvld · ‎01-04-2021

Good morning Mig,
Yes. I don't want to use ACLs. I would like the Switch to do all the routing, for example:
- As I showed in the diagram. It is possible to make the IT VLAN use the default gateway 192.168.1.1?

Extreme Networks

Vlan routing

Vlan routing