hai sadikhov brothers plz help

Connectivity from Layer 3 Swi


#1 vinu006


Posted 05 December 2012 - 06:53 AM

Connectivity from Layer 3 Switch to Firewall

Hi Experts,



Posted Image

RACK 1 is the old rack and NEW RACK is the rack which is going to be procured for some new Servers. All the Servers in RACK 1 have the PIX Inside IP as their default gateway. As of now the 3560 Switches act as Layer 2 and do not have L3 IP routing enabled. Could you please suggest how I can enable connectivity between the 192.168.36.0 range and the 192.168.57.0 range without making any change to the current PIX inside IP address 192.168.57.1?

Is it possible that I can enable IP routing on the 3560 Switches, create interface VLAN 36, and since Switch 2 already has its default gateway as 192.168.57.1, would the traffic from 192.168.36.0 be routed to 192.168.57.1? Or do I need to create a static route for that?

Since L3 Routing is not enabled and since the 3560 Switches are just acting as L2, the VLAN 2 - 192.168.57.0 range does not have any interface VLAN configured. Please correct me if I am wrong, so when it is changed I would need to create interface VLAN 2 on the 3560 Switches, right?

Please help!!!

#2 Darby Weaver


Posted 08 December 2012 - 06:24 PM

Hmm.. I'm stepping out for the moment to get some work done.

The 192.168.57.0 exists on the Firewall and NAT should marry it to the 2.2.2.2 network on the outside interface of the Firewall.

The secondary Firewall should also be on the 2.2.2.2 network along with the primary firewall if they are to perform failover and replication correctly.

A layer 3 connection would be ideal since the 2.2.2.2 network needs to be able to route to the 192.168.36.0 network. So you can enable L3 routing on your switches and then trunk from those 2 L3 Switches to the L2 VLAN where the 192.168.36.0 network resides.

The default gateway of the L2 switches is not used by the various VLANs on the switch but rather by the switch itself - think of the switch as a normal node on a network like say a PC for example and it needs a default gateway to talk to the rest of the network... but the ports on an L2 switch are assigned to other VLANs and any port on a different VLAN than the management VLAN will need another way to talk as the "default gateway" on an L2 switch does not service all the various VLANs on that switch.

Hope I am being clear enough.

No, don't create a VLAN on the switches to "route" the traffic from the 192.168.57.0 VLAN. That network should exist on the 3560's as diagrammed, however, that traffic will be taken care of by the NAT function on the Firewalls.

Got it?


Darby