VLAN routing
16 years 10 months ago #24768
by BlackJack
VLAN routing was created by BlackJack
I am currently in the process of testing my new WatchGuard firewall and I need anyone's assistance in configuring my Cisco 4006 with Sup II/III engine. I have two firewalls connected, one test and one production. I have 5 VLANs (10.1.1.0, 10.1.2.0, 10.1.3.0, 10.1.4.0, 10.1.5.0) and would like to know how to configure one of the VLANs to go out to the internet using the test firewall (10.1.1.210). The gateway of last resort is currently configured to go out of the production firewall (10.1.1.211).
Thank you for any advice or assistance.
16 years 10 months ago #24784
by Chris
Replied by Chris on topic Re: VLAN routing
BlackJack,
Configuring inter-VLAN routing is quite simple.
1) Assign an IP address for every VLAN interface you've configured on your 4006.
2) In global configuration mode (config#), enable IP routing by entering the command "ip routing".
3) Assign the required ports to each VLAN you've created.
4) Each host must have as a 'gateway' the IP address of the VLAN interface belonging on the 4006.
If you require specific commands etc., please let us know.
Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
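The four steps in the reply above, written out as Cisco IOS commands. This is an added example, not part of the original thread: the Vlan30 address 10.1.3.1 is the default-router value posted later in the thread, while the Vlan10 address 10.1.1.1 and both port names are assumptions.

```cisco
! Added example, not from the original posts.
! Assumed: Vlan10 SVI address 10.1.1.1; ports FastEthernet3/1 and
! FastEthernet3/2 are hypothetical placeholders for real access ports.
!
configure terminal
!
! Step 1: create the VLANs and give each VLAN interface (SVI) an IP address.
vlan 10
vlan 30
!
interface Vlan10
 ip address 10.1.1.1 255.255.255.0
 no shutdown
!
interface Vlan30
 ip address 10.1.3.1 255.255.255.0
 no shutdown
!
! Step 2: enable layer-3 forwarding between the SVIs.
! Note: with no ACL on the SVIs, every VLAN can now reach every other
! VLAN. Where segments must stay separated, filter on the SVI with
! "ip access-group".
ip routing
!
! Step 3: assign the access ports to their VLANs.
interface FastEthernet3/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet3/2
 switchport mode access
 switchport access vlan 30
!
end
!
! Step 4 is done on the hosts (or in the DHCP pool): hosts in VLAN 30
! use 10.1.3.1 as their default gateway, hosts in VLAN 10 use 10.1.1.1.
!
! Verification from privileged EXEC mode:
show vlan brief
show ip interface brief
show ip route connected
```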
16 years 10 months ago #24787
by BlackJack
Replied by BlackJack on topic Re: VLAN routing
Thanks for the reply, Chris. All the VLANs were already assigned an IP and gateway, and IP routing was also enabled. I did not explain my current configuration, but here it is. I have a Cisco 29xx and Cisco 35xx layer 2 switch connected to a Cisco Catalyst 4006 router. I have 10 VLANs, not 5, with two firewalls, test (10.1.1.210) and production (10.1.1.211), connected directly to my 4006. Here is my current route:
S 2xx.153.217.0/24 [1/0] via 1xx.175.1.39
S 2xx.1.126.0/24 [1/0] via 10.1.1.211
C 1xx.175.0.0/16 is directly connected, Vlan175
S 2xx.153.216.0/24 [1/0] via 1xx.175.1.39
S 1xx.168.10.0/24 [1/0] via 10.10.6.1
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C 10.1.8.0/24 is directly connected, Vlan80
C 10.10.6.0/27 is directly connected, Vlan175
C 10.1.3.0/24 is directly connected, Vlan30
C 10.1.2.0/24 is directly connected, Vlan20
C 10.99.99.0/24 is directly connected, Vlan1
C 10.1.1.0/24 is directly connected, Vlan10
C 10.1.7.0/24 is directly connected, Vlan70
C 10.1.5.0/24 is directly connected, Vlan50
C 10.1.4.0/24 is directly connected, Vlan40
C 10.1.175.0/24 is directly connected, Vlan175
S 2xx.166.193.0/24 [1/0] via 1xx.175.1.39
S 2xx.146.91.0/24 [1/0] via 1xx.175.1.39
S* 0.0.0.0/0 [1/0] via 10.1.1.241
Chris, are you suggesting that I change my VLAN 10.1.3.0/24 gateway from 10.1.3.1 to 10.1.1.210? Here are the current VLAN30 settings:
ip dhcp pool vlan30
network 10.1.3.0 255.255.255.0
default-router 10.1.3.1
netbios-name-server 10.1.1.5 10.1.1.19
netbios-node-type p-node
dns-server 10.1.1.211
What are the steps and commands so I can set VLAN30 internet traffic to go out of the test firewall 10.1.1.210 and not break routes to all other VLANs? Thanks in advance for your assistance and direction.
BlackJack