Cisco 3550 VLANs Help

17 years 11 months ago #17370 by raxso
Cisco 3550 VLANs Help was created by raxso
Hi,

I have a Cisco 3550 switch, with 2 ISA servers (A and B) and a web server connected to it.
I have the following setup:

VLAN 1 - both front end ISA interfaces connected
VLAN 2 - backend ISA A interface
VLAN 3 - front end web server interface connected

with the following config:
[code:1]
interface Vlan1
 ip address 10.1.4.2 255.255.255.0
 no ip redirects
 standby 1 ip 10.1.4.1
!
interface Vlan2
 ip address 10.1.5.2 255.255.255.0
 no ip redirects
 standby 2 ip 10.1.5.1
!
interface Vlan3
 ip address 10.1.6.2 255.255.255.0
 no ip redirects
 standby 3 ip 10.1.6.1
!
! 10.1.5.254 is the backend of ISA A
ip route 0.0.0.0 0.0.0.0 10.1.5.254
ip route 10.1.4.0 255.255.255.0 10.1.5.254 permanent
[/code:1]
When I ping the front end of the ISA from VLAN 3, I want the packet to go through VLAN 2 and then on to VLAN 1; however, it is going straight to VLAN 1. Is there a configuration I need to make in order for this to work?

Thanks

Raxso
17 years 11 months ago #17371 by Smurf
Replied by Smurf on topic Re: Cisco 3550 VLANs Help
Sorry, but I ain't an expert on this, yet :)

Anyhow, because it's a layer 3 switch it will route the traffic directly, as it's physically connected to itself. Dunno if there is a workaround though; hopefully some more folk in here with greater knowledge than me will be able to answer that.

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
17 years 11 months ago #17375 by Chris
Replied by Chris on topic Re: Cisco 3550 VLANs Help
Interesting scenario this one.

Personally I've never tried your setup, and the problem seems to be the fact that the switch is able to route traffic directly to VLAN 1, which is where the front end of your 'A' ISA server resides.

If you moved the front end ISA to a different VLAN for which your switch didn't have an IP address assigned, the routing should then work correctly, but you'll have to try it and let us know the results.

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
17 years 11 months ago #17394 by Elohim
Replied by Elohim on topic Re: Cisco 3550 VLANs Help
You need to turn one of them into a layer 2 VLAN. I'll let you figure out which one. If by Monday you still haven't figured it out, I'll tell you.
17 years 11 months ago #17409 by Smurf
Replied by Smurf on topic Re: Cisco 3550 VLANs Help

You need to turn one of them into a layer 2 VLAN. I'll let you figure out which one. If by Monday you still haven't figured it out, I'll tell you.


I was thinking along the same lines the other day (which I suppose is basically what Chris is saying by removing the IP address that's mapped to one of them).

I was basically thinking that the setup allowing all the VLANs to inter-VLAN route seems a little strange if you want ISA Server in the mix to do some firewalling?

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
17 years 11 months ago #17459 by Elohim
Replied by Elohim on topic Re: Cisco 3550 VLANs Help
VLAN 1 needs to be layer 2. Next task: how do you make it layer 2, and how do you make it so that your traffic travels the route you want it to? Answer by Friday if you haven't guessed it.
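
Added example, not part of the thread: a small Python model of the switch's route selection, showing why the posted config sends traffic straight to VLAN 1 and what changes once VLAN 1 has no switch IP address, as Chris and Elohim suggest. Assumptions: the destination 10.1.4.10 is a constructed ISA front-end address, the administrative distances are the IOS defaults (connected 0, static 1), and the model ignores the `permanent` keyword and recursive next hops.

```python
import ipaddress

CONNECTED, STATIC = 0, 1  # IOS default administrative distances

# Addresses taken from the config posted in the thread.
SVIS = {"Vlan1": "10.1.4.2/24", "Vlan2": "10.1.5.2/24", "Vlan3": "10.1.6.2/24"}
STATICS = [("0.0.0.0/0", "10.1.5.254"), ("10.1.4.0/24", "10.1.5.254")]
ISA_FRONT = "10.1.4.10"  # constructed address, not given in the thread


def build_table(svis, statics):
    """Return [(network, admin_distance, description)] for the given SVIs."""
    routes = [(ipaddress.ip_interface(a).network, CONNECTED, f"connected, {n}")
              for n, a in svis.items()]
    connected = [net for net, _, _ in routes]
    for prefix, hop in statics:
        # Simplification: install a static only if its next hop sits in a
        # directly connected network.
        if any(ipaddress.ip_address(hop) in net for net in connected):
            routes.append((ipaddress.ip_network(prefix), STATIC, f"static via {hop}"))
    return routes


def lookup(routes, dst):
    """Longest prefix wins; for equal prefixes the lower distance wins."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[1]))[2]


def compare(dst=ISA_FRONT):
    """Path chosen with the posted config vs. with VLAN 1 left as layer 2 only."""
    as_posted = lookup(build_table(SVIS, STATICS), dst)
    no_vlan1_svi = {n: a for n, a in SVIS.items() if n != "Vlan1"}
    vlan1_layer2 = lookup(build_table(no_vlan1_svi, STATICS), dst)
    return as_posted, vlan1_layer2


if __name__ == "__main__":
    posted, fixed = compare()
    print("as posted:      ", posted)
    print("VLAN 1 layer 2: ", fixed)
```

With the posted config the connected route for 10.1.4.0/24 beats the static route for the same prefix, so the ISA never sees the traffic; once the switch has no address in VLAN 1, the static route through 10.1.5.254 is the only match.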