VLAN setup with Cisco L3 switches
I have a full Cisco stack: ASA 5510-X, RT 2901, SW 3650g-48p0e.
Current data path
ISP -> ASA -> routable port to RT 2901 -> routable port to SW-L3 -> running EIGRP for routing.
I would like to remove my ASA and the RT and replace it with the Firewalla GOLD (I have this already).
I have VLANs 10, 20, 30, 40 and 50 in my environment and am running L3 on my c3650. All the VLANs have their own gateway (the VLAN IP on the L3 switch). I would like to trunk the uplink on VLAN 10 to the Firewalla GOLD. Can I do this? Allow my L3 switch to take care of routing the internal LAN and allow the Firewalla GOLD to do WAN routing and the firewall / VPN roles.
New data path
ISP -> Firewalla GOLD -> c3650 L3 (Core) -> Campus Switches
Please help with setting up the Firewalla GOLD. Thank you.
-
From here, trunk your LAN network to the Firewalla port. All the Firewalla networks are not LAN type; they are VLAN type (tag your VLAN numbers).
Ensure that your switch can ping Google. You still need to have a default route out. In this case I have used my VLAN 10. I used the IP address 10.15.10.254 (the Firewalla IP on that network VLAN).
Next, ensure that your DHCP server (Windows or Linux) will give out the IP address you gave each of your VLANs on the Firewalla, NOT YOUR L3 SWITCH.
This is the big difference: in the Cisco world, once you enable ip routing, the switch will push traffic out your 0.0.0.0 0.0.0.0 next hop. All your VLANs will be able to communicate and get DNS/www traffic. Your DHCP pools will also have your switch VLAN IP as the default gateway.
I suspect it is because the Firewalla identifies that network traffic and drops the packet.
Hope this helps anyone that is doing what I am doing. Thanks for reading.
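The poster's design expressed as switch configuration, as an added example that is not from the original post or from Firewalla's documentation: the c3650 keeps ip routing and its SVIs, trunks VLANs 10 to 50 to the Firewalla, and points its default route at 10.15.10.254. Only that Firewalla address comes from the post; the interface name, SVI addresses, VLAN names and DHCP server address are assumptions.

```cisco
! Added example, not the original poster's running config.
! Assumed: switch SVIs at 10.15.x.1, uplink on Gi1/0/48, DHCP server at 10.15.10.10.
ip routing
!
vlan 10
 name TRANSIT
vlan 20
 name USERS
! repeat the vlan block for 30, 40 and 50
!
! SVIs keep inter-VLAN routing on the switch. Per the post, DHCP still hands
! hosts the Firewalla's VLAN address as gateway, so their traffic crosses the
! firewall. A host that statically points at an SVI instead has its
! inter-VLAN traffic routed by the switch, out of the Firewalla's view.
interface Vlan10
 description Transit to Firewalla GOLD
 ip address 10.15.10.1 255.255.255.0
interface Vlan20
 description Users
 ip address 10.15.20.1 255.255.255.0
 ! relay DHCP to the Windows/Linux server (assumed address)
 ip helper-address 10.15.10.10
! repeat the SVI block for VLANs 30, 40 and 50
!
! Uplink to the Firewalla: an 802.1Q trunk carrying only the five VLANs.
! Some older L3 platforms also need "switchport trunk encapsulation dot1q".
interface GigabitEthernet1/0/48
 description Uplink to Firewalla GOLD
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,40,50
 switchport nonegotiate
 no shutdown
!
! Default route via the Firewalla on VLAN 10, so the switch itself can reach
! the Internet (the "ping Google" check in the post).
ip route 0.0.0.0 0.0.0.0 10.15.10.254
```

Verify with "show ip route" (the static default should list 10.15.10.254) and "show interfaces trunk" (all five VLANs active on the uplink).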