Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

VLAN-based default gateway

VLAN-based default gateway

Hi

I have a 5308 on which I use IP routing, and two firewalls to connect some networks together.

I now want a simple solution to a challenge I got.
The optimal solution would be to have dependencies in the routing table, and I hope that is possible, even though I doubt it.

I have to "main" networks, each connected to seperate firewalls. I use the 5308 today to terminate networks, and a glue network between the 5308 and one of the firewalls. Now I want the same with the second firewall.

An easy setting would be that all traffic with source IP starting with 10.200 (I can use 10.200.0.0/16) should have a default gateway of 10.200.1.1, while all other should have a default gateway 10.100.1.1.
The last one is working today, I now want the 10.200.1.1 gateway setting.

I realise I can set up static routes, its not more than 30 networks in the 10.200-segment. But I also need to assure there are no traffic between the 10.100-networks and the 10.200-networks. This wil be a lot of ACL's to manage.

Unless some of you geniuses have a simple solution for me that I have not thought of....
4 REPLIES
Mohieddin Kharnoub
Honored Contributor

Re: VLAN-based default gateway

Hi

Simply

You need a Policy based routing that forward traffic based on both Source and Destination IP Address.

An unfortunately this is not available on any of the ProCurve switches.

You need an external router/firewall to do that.

From the ProCurve family, you have the Secure Router/Firewall 7102 or 7203 series.

Good Luck !!!
Science for Everyone

Re: VLAN-based default gateway

could you not do this at a dhcp level, set the gateway in your scope for 10.200.0 vlan to be 10.200.1.1

the in your other scope for the other vlan(s) to route to there vlan ip and set static routes on the switch to go to 10.100.1.1 or if you only have a total of two vlan that you want the routing on make the gateway 10.100.1.1 in the scope.

Re: VLAN-based default gateway

Hi,

Mohieddin; thanks for your reply, it seems I have to settle with ACL's.

Daniel; the problem is not routing in my network, but in my switch. Setting default gateway using dhcp would make me have to remove routing in my switch, wont it?

-Rune-

Re: VLAN-based default gateway

Hi again

I am kinda new on accesslists.

Can I use this as a inbound access-list on all my VLAN's in my 10.200-subnet?

What I want to do is to deny all other trafic than the traffic between the different 10.200-networks.

ip access-list extended "close"
deny ip 10.100.0.0 0.0.255.255 10.200.0.0 0.0.255.255
permit ip 10.200.0.0 0.0.255.255 10.200.0.0 0.0.255.255


Best regards


-: Rune :-