Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: VLAN routing

VLAN routing 8 years 10 months ago #24768

  • BlackJack
  • BlackJack's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
I am currently in the process of testing my new Watchguard firewall and I need anyone's assistance in configuring my Cisco 4006 with sup II/III engine. I have two firewalls connected, one test and one production. I have 5 VLANs (10.1.1.0, 10.1.2.0, 10.1.3.0, 10.1.4.0, 10.1.5.0) and would like to know how to configure one of the vlan to go out to the internet using the test firewall (10.1.1.210). The gateway of last resort is currently configured to go out of the production firewall (10.1.1.211).

Thanks you for any advice or assistance.
The administrator has disabled public write access.

Re: VLAN routing 8 years 10 months ago #24784

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
BlackJack,

Configuring interVlan routing is quite simple.

1) Assign an IP address for every VLAN interface you've configured on your 4006.
2) in global configuration mode (config#) enable ip routing by entering the command "ip routing"
3) Assign a the ports required, to each VLAN you've created.
4) Each host must have as a 'gateway', the ip address of the vlan interface belonging on the 4006.

If you require specific commands e.t.c, please let us know.

Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.

Re: VLAN routing 8 years 10 months ago #24787

  • BlackJack
  • BlackJack's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
Thanks for the Reply Chris. All the VLAN was already assigned an IP and gateway and IP routing was also enabled. I did not explain my current configuration but, here it is. I have a Cisco 29xx and Cisco 35xx layer 2 switch connected to a CISCO Catalyst 4006 router. I have 10 VLANs not 5 with two firewall, test (10.1.1.210) and production (10.1.1.211) connected directly to my 4006. Here is my current route:

S 2xx.153.217.0/24 [1/0] via 1xx.175.1.39
S 2xx.1.126.0/24 [1/0] via 10.1.1.211
C 1xx.175.0.0/16 is directly connected, Vlan175
S 2xx.153.216.0/24 [1/0] via 1xx.175.1.39
S 1xx.168.10.0/24 [1/0] via 10.10.6.1
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C 10.1.8.0/24 is directly connected, Vlan80
C 10.10.6.0/27 is directly connected, Vlan175
C 10.1.3.0/24 is directly connected, Vlan30
C 10.1.2.0/24 is directly connected, Vlan20
C 10.99.99.0/24 is directly connected, Vlan1
C 10.1.1.0/24 is directly connected, Vlan10
C 10.1.7.0/24 is directly connected, Vlan70
C 10.1.5.0/24 is directly connected, Vlan50
C 10.1.4.0/24 is directly connected, Vlan40
C 10.1.175.0/24 is directly connected, Vlan175
S 2xx.166.193.0/24 [1/0] via 1xx.175.1.39
S 2xx.146.91.0/24 [1/0] via 1xx.175.1.39
S* 0.0.0.0/0 [1/0] via 10.1.1.241

Chris, are you suggesting that I changed my vlan 10.1.3.0/24 gateway from 10.1.3.1 to 10.1.1.210? Here is the current VLAN30 settings:

ip dhcp pool vlan30
network 10.1.3.0 255.255.255.0
default-router 10.1.3.1
netbios-name-server 10.1.1.5 10.1.1.19
netbios-node-type p-node
dns-server 10.1.1.211

What are the steps and command so I can set VLAN30 internet traffic to go out of the test firewall 10.1.1.210 and not break routes to all other VLAN's? Thanks in advance for your assistance and direction.

BlackJack
The administrator has disabled public write access.
Time to create page: 0.076 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup