Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

vlans with 2950 question

Status
Not open for further replies.
tomii

tomii

Technical User
Mar 12, 2001
93
0
0
GB
my question is..i have two vlans, vlan2 and vlan3 on one switch with no trunking, as i want them to be in isolation and use a firewall to connect the two vlans for routing. my question now is how can i configure a management vlan on the switch for remote access? if for example i setup an ip address on interface vlan 1 what would be the default-gateway? there is no router/firewall connected on vlan1..i know i can connect a client on a port on vlan1 but that would not allow me access from anywhere within my network will it?

another question..at present i have the one firewall as the default-gateway for each client within the two vlans. i want to put a second firewall as a backup, but how can client failover to this second firewall as their default-gateway?

Thanks all!
 
Sort by date Sort by votes
Following, I tried to give a rough idea of what you need to do:

1. create a new vlanX , assign port to this vlanX.
2. Connect that port to FW interface that you have create in the same range than vlanx.
FW1 will have IP1 and FW2 will have IP2 address.
3. Create Virtual IP (Vip/vrrp) for both FWs (configured in mode Master/Slave).
4. This Vip will be your defaultgateway.
5. The routing you will define in the FWs will let you remote traffic coming in and out.

This IP will be the default gateway
 
Upvote 0 Downvote
Hi Lequang,

Thanks for your help..it makes more sense now but if i have more than one vlan say 3 vlans connected to 3 physical ports on the FWs, would i then need to setup 3 Vip? each Vip as a separate defaultgateway for the 3 subnet vlans? what about the management vlan? it has no connection to the firewall, does that mean i can only use a client directly connected to the management vlan to telnet to it?

Thanks
 
Upvote 0 Downvote
Hi Tomii,

The vlanX you create is the gateway to your FWs. one vlanX is enough. All unknown destinations requested by hosts in vlan1,2,3, etc... will be directed to virtual IP (belonging to vlanX) and then will be routed by the FWs to Internet or somewhere else.

Hope this help.
 
Upvote 0 Downvote
Lequang,

I don't quite follow..vlan1,2,3.etc..are all isolated vlans with no trunking, a physical port on the FWs connected each of the vlans together. If i create a new vlanX then how can they other vlan access this vlanX, does that mean i have to turn on trunking?

All this is pretty new to me, so please bear with me.

Thanks
 
Upvote 0 Downvote
I think that C2950 is a layer-2 Switch: all hosts from all vlanx can communicate together. (You need to test this point). If you create vlanx, FW will have ip / MAC address and Vip will have MAC address too.
I dont think you need trunking if you dont have uplink.

Normally, we use other switch with routing capacity as core switch (C65xx or C45xx to perform routing between Vlans).

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
68
Zero6
Zero6
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
87
BIS
BIS
inlsp05
  • Locked
  • Question
2811 ios start with cf
Replies
0
Views
46
inlsp05
inlsp05
khashyar2021
  • Locked
  • Question
Problem with cisco switch after upgrading
Replies
1
Views
72
Geraldine Souza
Geraldine Souza
mikey789
  • Locked
  • Question
Can 4000-M Routing VLANs ?
Replies
0
Views
40
mikey789
mikey789

Part and Inventory Search

Sponsor

Back
Top