HPE Community
Switches, Hubs, and Modems
1753777 Members
7755 Online
108799 Solutions
New Discussion юеВ

Re: VLAN-based default gateway

 
Rune Millerjord
Advisor

тАО05-30-2007 07:46 PM

тАО05-30-2007 07:46 PM

VLAN-based default gateway

Hi

I have a 5308 on which I use IP routing, and two firewalls to connect some networks together.

I now want a simple solution to a challenge I got.
The optimal solution would be to have dependencies in the routing table, and I hope that is possible, even though I doubt it.

I have to "main" networks, each connected to seperate firewalls. I use the 5308 today to terminate networks, and a glue network between the 5308 and one of the firewalls. Now I want the same with the second firewall.

An easy setting would be that all traffic with source IP starting with 10.200 (I can use 10.200.0.0/16) should have a default gateway of 10.200.1.1, while all other should have a default gateway 10.100.1.1.
The last one is working today, I now want the 10.200.1.1 gateway setting.

I realise I can set up static routes, its not more than 30 networks in the 10.200-segment. But I also need to assure there are no traffic between the 10.100-networks and the 10.200-networks. This wil be a lot of ACL's to manage.

Unless some of you geniuses have a simple solution for me that I have not thought of....
0 Kudos
4 REPLIES 4
Mohieddin Kharnoub
Honored Contributor

тАО05-30-2007 10:19 PM

тАО05-30-2007 10:19 PM

Re: VLAN-based default gateway

Hi

Simply

You need a Policy based routing that forward traffic based on both Source and Destination IP Address.

An unfortunately this is not available on any of the ProCurve switches.

You need an external router/firewall to do that.

From the ProCurve family, you have the Secure Router/Firewall 7102 or 7203 series.

Good Luck !!!
Science for Everyone
0 Kudos
daniel wright_1
Advisor

тАО06-01-2007 08:18 AM

тАО06-01-2007 08:18 AM

Re: VLAN-based default gateway

could you not do this at a dhcp level, set the gateway in your scope for 10.200.0 vlan to be 10.200.1.1

the in your other scope for the other vlan(s) to route to there vlan ip and set static routes on the switch to go to 10.100.1.1 or if you only have a total of two vlan that you want the routing on make the gateway 10.100.1.1 in the scope.
0 Kudos
Rune Millerjord
Advisor

тАО06-03-2007 06:09 PM

тАО06-03-2007 06:09 PM

Re: VLAN-based default gateway

Hi,

Mohieddin; thanks for your reply, it seems I have to settle with ACL's.

Daniel; the problem is not routing in my network, but in my switch. Setting default gateway using dhcp would make me have to remove routing in my switch, wont it?

-Rune-
0 Kudos
Rune Millerjord
Advisor

тАО06-03-2007 10:16 PM

тАО06-03-2007 10:16 PM

Re: VLAN-based default gateway

Hi again

I am kinda new on accesslists.

Can I use this as a inbound access-list on all my VLAN's in my 10.200-subnet?

What I want to do is to deny all other trafic than the traffic between the different 10.200-networks.

ip access-list extended "close"
deny ip 10.100.0.0 0.0.255.255 10.200.0.0 0.0.255.255
permit ip 10.200.0.0 0.0.255.255 10.200.0.0 0.0.255.255


Best regards


-: Rune :-
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.