
Default gateways for each vlan in 2626 switches

G.C.Sreevathsan
Occasional Visitor

Default gateways for each vlan in 2626 switches

Dear All

We have HP ProCurve 2626 switches with three VLANs (10.101.0.0 / 10.102.0.0 / 10.103.0.0). We also have two ISP links from two different ISPs. We want the default gateway of two VLANs (10.101.0.0 / 10.102.0.0) to point to the PIX firewall address of ISP1, and the third VLAN (10.103.0.0) should have the default gateway of the second PIX firewall address. How do we go about it?
4 REPLIES
Matt Hobbs
Honored Contributor

Re: Default gateways for each vlan in 2626 switches

I'm not really familiar with PIX firewalls but if you can let it handle the routing then I would configure the VLANs on the 2600 and tag those vlans back to the PIX.

If not, you could enable routing on the switch 'ip routing' and then add static routes for each subnet with the corresponding pix firewall address:

e.g. 'ip route 10.101.0.0 255.255.0.0 10.101.0.1'

With the 2600 series though, it is a light-weight router and cannot handle too many downstream clients (you should try to keep it less than 128 downstream clients).

If this is no help and you have a network map you could attach, it may help others to add further suggestions.
G.C.Sreevathsan
Occasional Visitor

Re: Default gateways for each vlan in 2626 switches

Mark

The IP route command given by you is given as source address. I think we have to give the destination address and default gateway. Since it is going to access the Internet, we cannot add all the destination IP addresses.

IP routing is enabled on the switch for inter-VLAN communication.

Our setup is:

Two ISP connections

VLAN 1 and VLAN 2 should connect to the Internet and VPN connection via ISP 1, which is connected to the PIX firewall.

VLAN 3 should connect to the Internet and VPN connection via ISP 2, which is connected to another firewall.

It is a bit like failover and load balancing.
If the primary ISP link is up, we have to connect Internet and VPN connections via ISP 1, and if it goes down we have to connect the Internet and VPN connection via ISP 2, which is connected to another firewall from VLAN 3.
Matt Hobbs
Honored Contributor

Re: Default gateways for each vlan in 2626 switches

You're right, I was thinking more in line with ACLs.

You would need to add something similar to a default route of 0.0.0.0/0 but one for each VLAN.

I'm fairly sure this isn't possible on the 2600. The 7000dl routers have some load balancing features which is probably what you're after.
Olaf Borowski
Respected Contributor

Re: Default gateways for each vlan in 2626 switches

Hi,

Matt is right. You probably want something like the ProCurve 7000dl series WAN router. It supports policy-based routing, which means that you can forward packets based on the source address and set the next hop.

For addresses matching VLAN1 and VLAN2, set the next hop to ISP1, for VLAN3, set the next hop to ISP2.

BTW: The WAN router also has a built-in firewall, NAT, etc. which could replace the PIX altogether.

Olaf
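
The difference the thread arrives at, as an added example that is not from any of the posters or from ProCurve documentation: a small Python model comparing a destination-only route lookup with a source-based policy lookup. Assumptions: the subnets are /16 (per the 255.255.0.0 mask quoted above), both firewall addresses are placeholders, the backup next hop for each VLAN is the other firewall, and all function names are hypothetical.

```python
import ipaddress

PIX1 = "10.101.0.1"  # assumed inside address of the ISP1 PIX (placeholder)
PIX2 = "10.103.0.1"  # assumed inside address of the ISP2 firewall (placeholder)

# What static 'ip route' entries can express: destination prefix -> next hop.
STATIC_ROUTES = [
    ("10.101.0.0/16", "connected"),
    ("10.102.0.0/16", "connected"),
    ("10.103.0.0/16", "connected"),
    ("0.0.0.0/0", PIX1),  # only one default route can win for everyone
]

# Policy-based routing: source prefix -> (preferred next hop, backup next hop).
POLICY = [
    ("10.101.0.0/16", PIX1, PIX2),
    ("10.102.0.0/16", PIX1, PIX2),
    ("10.103.0.0/16", PIX2, PIX1),  # backup for VLAN 3 is an assumption
]

def dest_lookup(dst):
    """Longest-prefix match on the destination; the source is never consulted."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in STATIC_ROUTES
               if dst_ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def policy_lookup(src, dst, up):
    """Pick the next hop by source subnet; `up` is the set of reachable firewalls."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Inter-VLAN traffic stays on the switch and is not policy-routed.
    if any(dst_ip in ipaddress.ip_network(p) for p, _, _ in POLICY):
        return "connected"
    for prefix, primary, backup in POLICY:
        if src_ip in ipaddress.ip_network(prefix):
            # Prefer the VLAN's own firewall, fail over to the other if it is down.
            return next((hop for hop in (primary, backup) if hop in up), None)
    return None  # unknown source: no egress rather than an unintended ISP

if __name__ == "__main__":
    internet = "203.0.113.10"  # constructed destination (documentation range)
    for src in ("10.101.5.9", "10.102.5.9", "10.103.5.9"):
        print(src, "static:", dest_lookup(internet),
              "policy:", policy_lookup(src, internet, {PIX1, PIX2}),
              "ISP1 down:", policy_lookup(src, internet, {PIX2}))
```

With static routes every VLAN leaves through the same firewall, which is why the per-VLAN default gateway cannot be built from `ip route` entries alone.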