cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable

Routing VLANs with shared access to the Internet through a FW

Jump to solution

I have two vlans that I want both to have access to the Internet through a firewall. I am using a NetVanta 1544 with two untagged vlans and taking the trunk to a netgear firewall. I have vlan 10 as 192.168.10.1 and vlan 11 as 192.168.11.1. I have found directions on how to do this using the netgear firewall and a netgear L3 switch. I have the firewall setup according to them but can not get both vlans to have Internet access at the same time. It is either one or the other. Anyone have any suggestions?

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: Routing VLANs with shared access to the Internet through a FW

Jump to solution

Noor - Ended up figuring it out yesterday evening. The following is the configuration that I ended up with. I added a secondary ip on the fw for vlan 20 and added routes on the fw for the other vlans.

vlan 1

  name "Default"

!

vlan 10

  name "192.168.10.0"

!

vlan 11

  name "192.168.11.0"

!

vlan 20

  name "192.168.20.0"

!

interface gigabit-switchport 0/1

  description MG2510

  no shutdown

  switchport access vlan 10

!

interface gigabit-switchport 0/2

  description Metaview Server

  no shutdown

  switchport access vlan 10

!

interface gigabit-switchport 0/3

  description MetaSphere EAS DSS1

  no shutdown

  switchport access vlan 11

!

interface gigabit-switchport 0/4

  description MetaSphere EAS DSS2

  no shutdown

  switchport access vlan 11

!

interface gigabit-switchport 0/5

  description SCON400#1

  no shutdown

  switchport access vlan 10

!

interface gigabit-switchport 0/6

  description Perimeta mgmt

  no shutdown

  switchport access vlan 10

!

interface gigabit-switchport 0/7

  description Perimeta Int Network

  no shutdown

  switchport access vlan 10

!

interface gigabit-switchport 0/8

  description Perimeta Int Network

  no shutdown

  switchport access vlan 10

!

interface gigabit-switchport 0/24

  no shutdown

  switchport mode trunk

  switchport trunk native vlan 20

interface vlan 1

  ip address  10.10.10.1  255.255.255.0

  no awcp

  ip route-cache express

  no shutdown

!

interface vlan 10

  ip address  192.168.10.1  255.255.255.0

  no awcp

  ip route-cache express

  no shutdown

!

interface vlan 11

  ip address  192.168.11.1  255.255.255.0

  no awcp

  ip route-cache express

  no shutdown

!

interface vlan 20

  ip address  192.168.20.1  255.255.255.0

  no awcp

  ip route-cache express

  no shutdown

!

!

!

!

!

ip route 0.0.0.0 0.0.0.0 192.168.20.254

!

View solution in original post

0 Kudos
4 Replies
Anonymous
Not applicable

Re: Routing VLANs with shared access to the Internet through a FW

Jump to solution

- Could you reply to this post with the configuration from the NetVanta 1544? Please remember to remove any information that may be sensitive to your network.

I also had a few additional questions. You mentioned that you are only able to get one VLAN or the other to go out the internet at a time. What do you have to change to get this to happen? Also, have you tried running any ping tests from a PC in each VLAN? How far are you able to ping when attempting to route both VLANs to the internet?

Please do not hesitate to let us know if you have any questions.

Thanks,

Noor

Anonymous
Not applicable

Re: Routing VLANs with shared access to the Internet through a FW

Jump to solution

Noor - Ended up figuring it out yesterday evening. The following is the configuration that I ended up with. I added a secondary ip on the fw for vlan 20 and added routes on the fw for the other vlans.

vlan 1

  name "Default"

!

vlan 10

  name "192.168.10.0"

!

vlan 11

  name "192.168.11.0"

!

vlan 20

  name "192.168.20.0"

!

interface gigabit-switchport 0/1

  description MG2510

  no shutdown

  switchport access vlan 10

!

interface gigabit-switchport 0/2

  description Metaview Server

  no shutdown

  switchport access vlan 10

!

interface gigabit-switchport 0/3

  description MetaSphere EAS DSS1

  no shutdown

  switchport access vlan 11

!

interface gigabit-switchport 0/4

  description MetaSphere EAS DSS2

  no shutdown

  switchport access vlan 11

!

interface gigabit-switchport 0/5

  description SCON400#1

  no shutdown

  switchport access vlan 10

!

interface gigabit-switchport 0/6

  description Perimeta mgmt

  no shutdown

  switchport access vlan 10

!

interface gigabit-switchport 0/7

  description Perimeta Int Network

  no shutdown

  switchport access vlan 10

!

interface gigabit-switchport 0/8

  description Perimeta Int Network

  no shutdown

  switchport access vlan 10

!

interface gigabit-switchport 0/24

  no shutdown

  switchport mode trunk

  switchport trunk native vlan 20

interface vlan 1

  ip address  10.10.10.1  255.255.255.0

  no awcp

  ip route-cache express

  no shutdown

!

interface vlan 10

  ip address  192.168.10.1  255.255.255.0

  no awcp

  ip route-cache express

  no shutdown

!

interface vlan 11

  ip address  192.168.11.1  255.255.255.0

  no awcp

  ip route-cache express

  no shutdown

!

interface vlan 20

  ip address  192.168.20.1  255.255.255.0

  no awcp

  ip route-cache express

  no shutdown

!

!

!

!

!

ip route 0.0.0.0 0.0.0.0 192.168.20.254

!

View solution in original post

0 Kudos
Anonymous
Not applicable

Re: Routing VLANs with shared access to the Internet through a FW

Jump to solution

-

I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.


Thanks,

Noor

Anonymous
Not applicable

Re: Routing VLANs with shared access to the Internet through a FW

Jump to solution

:

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi