HPE Community
Switches, Hubs, and Modems
1752845 Members
3745 Online
108789 Solutions
New Discussion юеВ

Different default route for vlan

 
Roberto Cremasco
Occasional Advisor

тАО06-01-2006 09:37 PM

тАО06-01-2006 09:37 PM

Different default route for vlan

Hi,

i need to configure a different dafault route for a specific vlan. In my case i have 5 vlan that has as default route the firewall to access internet. Now i need to configure the 6th Vlan but with a different default route to access an other firewall.
This can be possible?

Thank,
RoC
0 Kudos
5 REPLIES 5
Mohieddin Kharnoub
Honored Contributor

тАО06-02-2006 07:27 AM

тАО06-02-2006 07:27 AM

Re: Different default route for vlan

Hi
My dear ,what you need is Policy-based routing, which uses route maps that provide specific
forwarding instructions for the router based on source address.

If your switch doesn't support this, you can use an Static route for Vlan 6 to internet with Administrative Distance (metric) bigger than 1 (so non of other vlans use it), and add an Access list to prevent vlan 6 to use the default route, so all Vlan6 traffic will be directed to the new Firewall.

Anyway, If you use multiple ip route 0.0.0.0 0.0.0.0 commands to configure a default route, traffic is load-balanced over the multiple routes, so YOU can control this using ACL to redirect Vlan1-5 to first firewall, and Vlan6 to second firewall.

Good Luck
Science for Everyone
0 Kudos
Roberto Cremasco
Occasional Advisor

тАО06-02-2006 11:53 PM

тАО06-02-2006 11:53 PM

Re: Different default route for vlan

Thank for the answer.
My switch is a procurve 5300, do you known if support the policy based routing?

RoC.
0 Kudos
Leo Katona
Occasional Advisor

тАО06-05-2006 09:36 AM

тАО06-05-2006 09:36 AM

Re: Different default route for vlan

No, the 5300xl doesn't support policy-based routing, so there is no way to configure different routes for different source addresses/VLANs.

Would it be possible for you to connect the second firewall directly to the 6th VLAN, so the clients could use the firewall (and not the 5300xl) as their default gateway?

The firewall could then route traffic destined for your internal networks back to the 5300xl, if needed.

-leok
0 Kudos
Roberto Cremasco
Occasional Advisor

тАО06-06-2006 10:33 PM

тАО06-06-2006 10:33 PM

Re: Different default route for vlan

No i can't use the firewall as default gateway because all the traffic, including the local traffic to the server farm, will be routed by fw causing perf. problems.

Any other ideas?

Thanks in advance,
RoC
0 Kudos
Matt Hobbs
Honored Contributor

тАО06-06-2006 11:49 PM

тАО06-06-2006 11:49 PM

Re: Different default route for vlan

The 9300 and 7000dl series support policy based routing so you may need one of these products to achieve what you need. I'd recommend the 7000dl to use in combination with your existing 5300.


If you submit a question or new topic and another member replies to it, you will see a dropdown menu of points next to the reply (you must be logged in to see the menu). Select the point value and then click the "submit points" button. Note that you can rate multiple replies and submit them at one time.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.