Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Cisco 3550 VLANs Help

Cisco 3550 VLANs Help 10 years 1 month ago #17370

  • raxso
  • raxso's Avatar
  • Offline
  • New Member
  • Posts: 1
  • Karma: 0
Hi,

I have a cisco 3550 switch, with 2 ISA servers (A and B) and a web server connected to it.
I have the following setup:

Vlan1 - both front end ISA interfaces connected
Vlan 2 - Backend ISA A interface
Vlan 3 - front end web server interface connected.

with the following config
[code:1]
interface Vlan1
ip address 10.1.4.2 255.255.255.0
no ip redirects
standby 1 ip 10.1.4.1

interface Vlan2
ip address 10.1.5.2 255.255.255.0
no ip redirects
standby 2 ip 10.1.5.1

interface Vlan3
ip address 10.1.6.2 255.255.255.0
no ip redirects
standby 3 ip 10.1.6.1

ip route 0.0.0.0 0.0.0.0 10.1.5.254 (backend of ISA A)
ip route 10.1.4.0 255.255.255.0 10.1.5.254 permanent
[/code:1]
When i ping the front end of the ISA from vlan 3, i want the packet to go through the vlan 2 and then onto vlan 1, how ever this is going straight to VLAN1, is the configuration i need to make in order for this to work

thanks

Raxso
The administrator has disabled public write access.

Re: Cisco 3550 VLANs Help 10 years 1 month ago #17371

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
Sorry but i aint an expert on this, yet :)

Anyhow, because its a layer 3 switch it will route the traffic direct as its physically connect to its self. Dunno if there is a work around though, hopefully some more folk in here with greater knowledge then me will be able to answer that.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

Re: Cisco 3550 VLANs Help 10 years 1 month ago #17375

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
Interesting scenario this one.

Personally I've never tried it your setup, and the problem seems to be the fact that the Switch is able to route traffic directly to Vlan1 which is where the Front end of your 'A' ISA server resides.

If you moved the front end ISA to a different Vlan which your switch didn't have an IP address assigned, the routing should then work correctly, but you'll have to try it and let us know of the results.

Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.

Re: Cisco 3550 VLANs Help 10 years 1 month ago #17394

  • Elohim
  • Elohim's Avatar
  • Offline
  • Senior Member
  • Posts: 220
  • Karma: 0
You need to turn one of them into a layer 2 vlan. I'll let you figure it out which one. If by monday, you still haven't figure it out, I'll tell you.
The administrator has disabled public write access.

Re: Cisco 3550 VLANs Help 10 years 1 month ago #17409

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
You need to turn one of them into a layer 2 vlan. I'll let you figure it out which one. If by monday, you still haven't figure it out, I'll tell you.

I was thinking around the same lines the other day (which i suppose is basically what Chris is saying by removing the IP Address thats mapped to one of them).

I was basically thinking that the setup allowing all the VLANs to intervlan route seems a little strange if you want ISA Server in the mix to do some firewalling ?
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

Re: Cisco 3550 VLANs Help 10 years 1 month ago #17459

  • Elohim
  • Elohim's Avatar
  • Offline
  • Senior Member
  • Posts: 220
  • Karma: 0
Vlan 1 needs to be layer 2. Next task, how do you make it layer 2 and how do you make it so that your traffic travels the route you want it to. Answer by friday if you haven't guessed it.
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.083 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup