Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Layer 3 Switching

Status
Not open for further replies.
fieryhail

fieryhail

IS-IT--Management
Mar 12, 2010
92
I am in a situation where I have a layer 3 switch, and am having difficulty with intervlan routing/switching. I have 2 networks connected to a Catalyst 3550 and both of those networks are connected to different interfaces on a PIX 525 for internet access with different access levels.

192.168.1.0/24 (workstations) and 192.168.2.0/24 (file servers and media servers)

Hosts in each network use 192.168.1.1 and 192.168.2.1 as their default gateway which is the IP of the PIX interface each network is connected to.

When traffic goes from 192.168.1.0 to 192.168.2.0 it always passes through the PIX. This is what I want to avoid. Does anyone have any ideas about how best to accomplish this? Thanks in advance for any suggestions.
 
Sort by date Sort by votes
You can achieve your desired solution several ways, one way is to enable routing on your layer 3 switch, if you have the right image then create three vlans. Assign 1st vlan to your workstations, 2nd vlan to your file servers and create a 3rd vlan which will be for your pix inside interface. Make the pix inside interface the gateway of last resort and this should work as desired. You can either use a routing protocol or create static routes.
 
Upvote 0 Downvote
I tried the method suggested. I created the extra vlan, and devices on that vlan were able to get outbound to internet, however there were issues. Hosts in the other vlans were able to access each other, example:
192.168.1.101 could reach 192.168.2.202 and vice versa but neither one could ping PIX or internet access. Hosts in 192.168.0.0 were able to get internet access. I setup
ip route 0.0.0.0 0.0.0.0 192.168.0.1 (192.168.0.1 being the PIX "inside" interface) in the 3550 but no good. while logged into the switch directly, I was able to do ping internet addresses. I tried creating a routed interface on the 3550 and connecting that to the inside interface of the PIX, still, no traffic from hosts in the other networks. Not sure what I am doing wrong here.
 
Upvote 0 Downvote
You need acls on the pix which will permit the newly created vlans to access the internet.
 
Upvote 0 Downvote
Post a config from both the switch and the PIX please...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
361
Hayden09
Hayden09
Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
229
Zero6
Zero6
NavinNet
  • Locked
  • Question
Why 2 different mac addresses of a server are being shown of CISCO 6509E Layer-3 Switch ?
Replies
0
Views
148
NavinNet
NavinNet
cornelsbn
  • Locked
  • Question
Nexus 3064
Replies
1
Views
160
iggsterman
iggsterman
paoloitaly
  • Locked
  • Question
Cisco 3905 VOIP PHONE
Replies
1
Views
131
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top