This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to connect firewall to Layer 3 to layer 2 switch

How to connect firewall to Layer 3 to layer 2 switch

Abdul_Farooq
New Contributor

‎04-01-2018 10:20 AM

in our environment we are using x460 layer3 switch its connected to firewall

firewall-->coreswitch is pinging

core--> layer 2 switch--> not pinging firewall ip, and vlan ip

firewall IP: X.X.10.200/24

X460 configuration

sh con
X460G2-24t-G4.86 # sh configuration

#
# Module devmgr configuration.
#
configure sys-recovery-level switch reset

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-34
configure vr VR-Default add ports 1-34
configure vlan default delete ports 7
create vlan "one
configure vlan one tag 13
create vlan "two"
configure vlan "two" tag 14
configure ports 33 auto off speed 10000 duplex full
configure ports 34 auto off speed 10000 duplex full
configure vlan Default add ports 1-6, 8-34 untagged
onfigure vlan one add ports 16-24 tagged
configure vlan one add ports 7 untagged
configure vlan Default ipaddress X.X.10.201 255.255.255.0
configure vlan one ipaddress X.X.13.200 255.255.255.0
enable ipforwarding vlan one
configure vlan two ipaddress X.X.14.200 255.255.255.0
enable ipforwarding vlan two

#
# Module fdb configuration.
#

#
# Module rtmgr configuration.
#
configure iproute add X.X..13.0 255.255.255.0 X.X.10.200
configure iproute add default X.X.10.200

#
# Module mcmgr configuration.
#

#
# Module aaa configuration.
#

#
# Module acl configuration.
#

layer 2 210 switch

configuration

network protocol none

network parms X.X.10.206 X.X.X.X.0 X.X.10.201

vlan database

vlan 13-14

vlan name 13 "one"

vlan name 14 "two"

vlan routing 13 1

vlan routing 14 2

vlan routing 1 3

exit

0 Kudos
4 REPLIES 4

Abdul_Farooq
New Contributor

‎04-02-2018 09:16 AM

yes, and firewall lan port is connected to 24th port . 24th port is tagged port.

it is correct are can i change that port to untagged port
0 Kudos

Choukri_BELHADJ
New Contributor

‎04-02-2018 09:09 AM

Hello , 2 possibilities:
1 : IPF not enable on vlan default ( but the core replying from firewall .... strange )
2: Very basic , but 4 eyes better than 2.... check if the ping is not blocked on the Firewall interface , it's usually the case in most of time )
0 Kudos

Stephane_Grosj1
Extreme Employee

‎04-01-2018 12:43 PM

Hi, I don't see the enable ipf vlan default.
0 Kudos

Abdul_Farooq
New Contributor

‎04-01-2018 10:24 AM

interface 0/1

switchport access vlan 13

exit

interface 0/2

switchport access vlan 13

exit

--More-- or (q)uit


interface 0/3

switchport access vlan 13

exit

interface 0/4

switchport access vlan 13

exit

interface 0/5

switchport access vlan 13

exit

interface 0/10

switchport mode trunk

exit

0 Kudos
GTM-P2G8KFN