
how to implement accelar 1200 with vlan to access internet


technology04

Technical User
Oct 25, 2004
4
CA
I have some baystack450-24 with VLANs for different customers, trunking to a Nortel accelar1200 with a tagged port, but we want to use a WatchGuard firewall, firebox1000 or 2500 (they didn't support 802.1Q trunk), to access the internet. How to implement this? Any ideas appreciated.
 
You need to make a new VLAN for Internet access, and make a default route on the PP1200; the Passport must have the Firebox as next hop.

 
Thank you, Pederchr,
I will try it. As I know, a default route can only be used in stub networks (those with only one exit path out of the network), but I have more VLANs; that means maybe they don't know where packets will be forwarded, right? Please give me some points, thanks again.
 
If I understand you correctly, you want to route every VLAN to the GW? Or just one VLAN?

Every VLAN will use this default route; the PP1200 has no support for VR or policy routing.



 
I create VLANs for different tenants, so all tenants in different VLANs should have access to the internet. I know that if I use a WatchGuard Firebox Vclass V60/80/100, implementation is very easy, and it is also very secure. That way I don't need routing: I just create the different VLANs, and PCs in each VLAN just set the firewall's virtual port IP address as their default gateway, that's all. But my company wants to use the current firewall (they don't want to spend any more money); right now we have firebox1000/2500, and they don't support VLAN 802.1Q (trunking), so I have to think of another way. I think using routing can work: let's say we have 4 VLANs, VLAN 1, 2 and 3 for different tenants and VLAN 4 for the firewall, and set up routing from 1, 2, 3 to 4. But in practice it doesn't work. What's wrong? Also, I have to use an IP filter to block inter-VLAN connections, but in practice they can still ping each VLAN. I need your help and proposals.

Thank you very much
 
Nortel Baystack uses the terminology VLAN to indicate what packets a port can receive, and PVID to indicate how packets that port sends are marked.

If the firewall is on VLAN 1, 2, and 99 and PVID 99, then the firewall can see packets marked 1 and 2 and 99 and only sends packets marked 99 (the firewall may not need to be in VLAN 99, as it is the only device sending with a PVID of 99, but I always did).

The ports in both VLAN 1 and 99 which have a PVID of 1 cannot see VLAN 2 at all, but can see the firewall.

The ports in both VLAN 2 and 99 which have a PVID of 2 cannot see VLAN 1 at all, but can see the firewall.

I tried to remain child-like, all I achieved was childish.
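
The VLAN/PVID scheme from the last reply, modelled as an added example (not part of the thread and not Nortel configuration syntax). It assumes a frame is marked with the sender's PVID and delivered to every port that is a member of that VLAN; the port names and the `leaks` audit helper are hypothetical.

```python
from dataclasses import dataclass
from itertools import permutations

@dataclass(frozen=True)
class Port:
    name: str
    member_of: frozenset  # VLANs this port may receive (the thread's "VLAN")
    pvid: int             # VLAN ID marked on frames this port sends ("PVID")

def delivers(src, dst):
    """One-way check: is a frame sent by src forwarded to dst?"""
    return src is not dst and src.pvid in dst.member_of

def can_talk(a, b):
    """Two-way reachability, which ping or TCP needs."""
    return delivers(a, b) and delivers(b, a)

def leaks(ports, shared):
    """(sender, receiver) pairs where a frame crosses between tenants,
    i.e. between non-shared ports that carry different PVIDs."""
    tenants = [p for p in ports if p is not shared]
    return [(s.name, d.name) for s, d in permutations(tenants, 2)
            if s.pvid != d.pvid and delivers(s, d)]

# Constructed ports following the reply: firewall in VLANs 1, 2, 99 with PVID 99;
# tenant ports in their own VLAN plus 99, with their own VLAN as PVID.
FW = Port("FW", frozenset({1, 2, 99}), 99)
T1A = Port("T1A", frozenset({1, 99}), 1)
T1B = Port("T1B", frozenset({1, 99}), 1)
T2A = Port("T2A", frozenset({2, 99}), 2)
GOOD = [FW, T1A, T1B, T2A]

# Constructed mistake: a tenant-2 port also made a member of VLAN 1.
T2BAD = Port("T2BAD", frozenset({1, 2, 99}), 2)
BAD = [FW, T1A, T2BAD]

if __name__ == "__main__":
    for a, b in [(T1A, FW), (T2A, FW), (T1A, T1B), (T1A, T2A)]:
        print(f"{a.name} <-> {b.name}: {can_talk(a, b)}")
    print("leaks in GOOD:", leaks(GOOD, FW))
    print("leaks in BAD: ", leaks(BAD, FW))
```

In this model the membership mistake in `BAD` leaks frames in one direction only, so a ping between the two tenant ports would still fail; auditing membership per direction catches what a ping test misses.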
 