VLAN routing and Internet access from firewall

sudhakar-m
Occasional Visitor

Currently we have only one VLAN (192.168.1.0/24) connected to the internet through the firewall. The WAN port of the firewall is connected to the internet router and the LAN port is connected to the LAN through an HP ProCurve 2810 switch. All the switches in the network are ProCurve switches, mostly 2510 and 2810 switches.

Now our need has grown, as the series (192.168.1.*) is fully occupied by all the servers, clients and wireless devices. I would like to add another 192.168.2.* series for all the desktops and laptops. I also plan to differentiate all the wireless devices, VPN connectivity and internet access through VLANs.

For this, I have procured a 3500yl switch and enabled IP routing. After a few trials, I was able to communicate between VLANs. This was successful for the devices which have their default gateway as their VLAN IP address.

Here I am stuck with 2 issues...

 

1. I would like to have the second series (192.168.2.*) in VLAN 1 to communicate with servers and printers. If I add this series to VLAN 1, I am unable to communicate between these 2 series only, but am able to communicate with other VLANs.

 

2. Unable to connect to the internet from VLANs other than the base VLAN (192.168.1.0) series. The default route has also been routed to the firewall, which is in another building and connected to this 3500yl switch through the 2810 switch.

 

Do I need to place this 3500yl switch as the immediate connection to the firewall, replacing the 2810, or can I access the internet directly in the current scenario below?

 

3500yl Switch  ------>  2810 Switch ---------> Firewall ---------------> Router --------Internet.

 

Tagging has been enabled on the uplinks of all the switches.

 

 

 IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  0.0.0.0/0          192.168.1.15    1    static               1          1
  127.0.0.0/8        reject               static               0          0
  127.0.0.1/32       lo0                  connected            1          0
  192.168.1.0/24     DEFAULT_VLAN    1    connected            1          0
  192.168.2.0/24     DEFAULT_VLAN    1    connected            1          0
  192.168.3.0/24     WATERS          15   connected            1          0
  192.168.8.0/24     VPN             13   connected            1          0

 

  

 

Can anybody help me with this?

 

Regards

Sudhakar M

 

1 REPLY
ISoliman
Super Advisor

Re: VLAN routing and Internet access from firewall

Define routes back from the firewall pointing to the IP address of the 3500yl 192.168.1.x

and make sure the servers' and all clients' gateways are pointing to the 3500yl IP addresses on their VLANs for the IP routing to work fine.
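
The return-route check the reply describes, as an added example that is not part of the original thread: given the subnets routed by the 3500yl and the firewall's static routes, it lists the subnets whose replies the firewall would not send back through the switch. The switch address 192.168.1.254, the upstream hop 203.0.113.1 and the firewall route list are constructed assumptions; the subnets come from the route table in the question.

```python
import ipaddress

def missing_return_routes(fw_lan, switch_ip, routed_subnets, fw_routes):
    """Return routed subnets the firewall cannot reach back via the L3 switch.

    fw_lan         -- subnet on the firewall's LAN interface
    switch_ip      -- the switch's address on that subnet (the next hop)
    routed_subnets -- subnets the switch routes (its connected routes)
    fw_routes      -- firewall static routes as (destination, next hop)
    """
    lan = ipaddress.ip_network(fw_lan)
    hop = ipaddress.ip_address(switch_ip)
    if hop not in lan:
        raise ValueError("next hop must sit on the firewall's LAN subnet")
    routes = [(ipaddress.ip_network(d), ipaddress.ip_address(g))
              for d, g in fw_routes]
    missing = []
    for cidr in routed_subnets:
        net = ipaddress.ip_network(cidr)
        if net.subnet_of(lan):
            continue  # directly connected to the firewall, no route needed
        # Longest-prefix match: the most specific covering route wins.
        covering = [r for r in routes if net.subnet_of(r[0])]
        best = max(covering, key=lambda r: r[0].prefixlen, default=None)
        if best is None or best[1] != hop:
            missing.append(cidr)  # replies are dropped or follow the default
    return missing

# Subnets from the "IP Route Entries" output in the question.
SWITCH_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24",
                  "192.168.3.0/24", "192.168.8.0/24"]

# Constructed firewall state: a default route upstream and one return route.
FW_ROUTES = [("0.0.0.0/0", "203.0.113.1"),
             ("192.168.3.0/24", "192.168.1.254")]

def check_sample():
    # 192.168.1.254 is a hypothetical switch address standing in for 192.168.1.x
    return missing_return_routes("192.168.1.0/24", "192.168.1.254",
                                 SWITCH_SUBNETS, FW_ROUTES)

if __name__ == "__main__":
    for subnet in check_sample():
        print("firewall has no return route via the switch for", subnet)
```

A subnet reported here matches the symptom in issue 2: outbound packets reach the firewall through the switch's default route, but the firewall sends the replies to its own default gateway instead of back to the switch.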