How to connect a firewall to a Layer 3 and a Layer 2 switch
‎04-01-2018 10:20 AM
In our environment we are using an X460 Layer 3 switch; it is connected to a firewall.
firewall --> core switch: pinging
core --> Layer 2 switch --> not pinging the firewall IP or the VLAN IP
firewall IP: X.X.10.200/24
X460 configuration
sh con
X460G2-24t-G4.86 # sh configuration
#
# Module devmgr configuration.
#
configure sys-recovery-level switch reset
#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-34
configure vr VR-Default add ports 1-34
configure vlan default delete ports 7
create vlan "one"
configure vlan one tag 13
create vlan "two"
configure vlan "two" tag 14
configure ports 33 auto off speed 10000 duplex full
configure ports 34 auto off speed 10000 duplex full
configure vlan Default add ports 1-6, 8-34 untagged
configure vlan one add ports 16-24 tagged
configure vlan one add ports 7 untagged
configure vlan Default ipaddress X.X.10.201 255.255.255.0
configure vlan one ipaddress X.X.13.200 255.255.255.0
enable ipforwarding vlan one
configure vlan two ipaddress X.X.14.200 255.255.255.0
enable ipforwarding vlan two
#
# Module fdb configuration.
#
#
# Module rtmgr configuration.
#
configure iproute add X.X.13.0 255.255.255.0 X.X.10.200
configure iproute add default X.X.10.200
#
# Module mcmgr configuration.
#
#
# Module aaa configuration.
#
#
# Module acl configuration.
#
Layer 2 210 switch configuration
network protocol none
network parms X.X.10.206 X.X.X.X.0 X.X.10.201
vlan database
vlan 13-14
vlan name 13 "one"
vlan name 14 "two"
vlan routing 13 1
vlan routing 14 2
vlan routing 1 3
exit
4 REPLIES
‎04-02-2018 09:16 AM
Yes, and the firewall LAN port is connected to the 24th port. The 24th port is a tagged port.
Is it correct, or can I change that port to an untagged port?
‎04-02-2018 09:09 AM
Hello, 2 possibilities:
1: IPF not enabled on VLAN Default (but the core is replying from the firewall... strange).
2: Very basic, but 4 eyes are better than 2... check whether ping is blocked on the firewall interface; that is usually the case most of the time.
‎04-01-2018 12:43 PM
Hi, I don't see the enable ipf vlan default.
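The replies above (the missing `enable ipforwarding` on VLAN Default, and the question of whether port 24 should be tagged or untagged) both come from reading the posted `sh configuration` by eye. The script below is an added example for this thread, not code from Extreme Networks or from any of the posters: it parses the ExtremeXOS VLAN commands that appear in the original post and reports VLANs that carry an IP address but no `enable ipforwarding` while other VLANs do forward, any port that is untagged in more than one VLAN (which EXOS does not allow), and the tagged/untagged membership of a given port. It understands only the command forms that appear in this post; the embedded configuration is the original poster's VLAN section with the transcription typos corrected and the addresses redacted as in the post.

```python
"""Lint the VLAN section of an ExtremeXOS 'show configuration' dump.

Added example for this thread, not code from Extreme Networks or from the posters;
it recognises only the command forms that appear in the posted X460 configuration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# VLAN lines from the original poster's X460 configuration, transcription typos
# fixed; addresses are redacted exactly as in the post.
POSTED_CONFIG = """
configure vlan default delete ports all
configure vlan default delete ports 7
create vlan "one"
configure vlan one tag 13
create vlan "two"
configure vlan "two" tag 14
configure vlan Default add ports 1-6, 8-34 untagged
configure vlan one add ports 16-24 tagged
configure vlan one add ports 7 untagged
configure vlan Default ipaddress X.X.10.201 255.255.255.0
configure vlan one ipaddress X.X.13.200 255.255.255.0
enable ipforwarding vlan one
configure vlan two ipaddress X.X.14.200 255.255.255.0
enable ipforwarding vlan two
"""


@dataclass
class Vlan:
    name: str
    tag: int | None = None
    ipaddress: str | None = None
    ipforwarding: bool = False
    tagged: set[int] = field(default_factory=set)
    untagged: set[int] = field(default_factory=set)


def expand_ports(spec: str) -> set[int]:
    """Expand an EXOS port list such as '1-6, 8-34' into a set of port numbers."""
    ports: set[int] = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


NAME = r'"?([^"\s]+)"?'  # VLAN names appear both quoted and bare in the dump


def parse_exos(config: str) -> dict[str, Vlan]:
    """Build a VLAN table from the lines we understand; everything else is skipped."""
    vlans: dict[str, Vlan] = {"default": Vlan("Default")}  # EXOS always has Default

    def vlan(name: str) -> Vlan:
        return vlans.setdefault(name.lower(), Vlan(name))

    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.fullmatch(rf"create vlan {NAME}", line):
            vlan(m[1])
        elif m := re.fullmatch(rf"configure vlan {NAME} tag (\d+)", line):
            vlan(m[1]).tag = int(m[2])
        elif m := re.fullmatch(rf"configure vlan {NAME} add ports (.+?) (tagged|untagged)", line):
            v = vlan(m[1])
            (v.tagged if m[3] == "tagged" else v.untagged).update(expand_ports(m[2]))
        elif m := re.fullmatch(rf"configure vlan {NAME} delete ports (.+)", line):
            v = vlan(m[1])
            gone = (v.tagged | v.untagged) if m[2].strip() == "all" else expand_ports(m[2])
            v.tagged -= gone
            v.untagged -= gone
        elif m := re.fullmatch(rf"configure vlan {NAME} ipaddress (\S+) (\S+)", line):
            vlan(m[1]).ipaddress = f"{m[2]}/{m[3]}"
        elif m := re.fullmatch(rf"enable ipforwarding vlan {NAME}", line):
            vlan(m[1]).ipforwarding = True
    return vlans


def lint(vlans: dict[str, Vlan]) -> list[str]:
    """Findings a reviewer would raise about routing and port membership."""
    findings: list[str] = []
    routed = [v for v in vlans.values() if v.ipaddress]
    # If any VLAN forwards, the switch is meant to route between VLANs, so a VLAN
    # with an address but no forwarding is reachable only from its own subnet.
    if any(v.ipforwarding for v in routed):
        for v in routed:
            if not v.ipforwarding:
                findings.append(f"VLAN {v.name} has {v.ipaddress} but no 'enable ipforwarding vlan {v.name}'")
    # EXOS allows a port to be untagged in only one VLAN.
    for port in sorted(set().union(*(v.tagged | v.untagged for v in vlans.values()))):
        owners = [v.name for v in vlans.values() if port in v.untagged]
        if len(owners) > 1:
            findings.append(f"port {port} is untagged in more than one VLAN: {', '.join(owners)}")
    return findings


def port_membership(vlans: dict[str, Vlan], port: int) -> dict[str, str]:
    """Which VLANs a port belongs to and how (the question asked about port 24)."""
    return {v.name: ("tagged" if port in v.tagged else "untagged")
            for v in vlans.values() if port in v.tagged or port in v.untagged}


if __name__ == "__main__":
    table = parse_exos(POSTED_CONFIG)
    for finding in lint(table):
        print("FINDING:", finding)
    print("port 24:", port_membership(table, 24))
    print("port 7: ", port_membership(table, 7))
```

Run against the posted configuration it reports exactly one finding, VLAN Default with an address but no `enable ipforwarding`, and shows port 24 as untagged in Default and tagged in VLAN one, which is why the firewall's untagged frames already land in the X.X.10.0/24 VLAN. Re-running it after a change is a cheap way to confirm the fix took before testing with ping through the firewall.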
‎04-01-2018 10:24 AM
interface 0/1
switchport access vlan 13
exit
interface 0/2
switchport access vlan 13
exit
interface 0/3
switchport access vlan 13
exit
interface 0/4
switchport access vlan 13
exit
interface 0/5
switchport access vlan 13
exit
interface 0/10
switchport mode trunk
exit
