Okay, I have a quick question about what I feel should be a simple task.
Quick Summary: Create a VLAN and a static route on a stack of Nortel 55xx ERS devices acting as a core router to a Checkpoint firewall interface for all traffic with a certain destination IP prefix.
To cut down on common traffic that gets logged in the firewall, such as DHCP / WSUS / etc., we are creating a 'bypass' connection to the IP that handles that from the core stack, which is then routed further by the Checkpoint firewall.
I guess the main thing I want to make sure I know how to do is create said VLAN, assign it an IP, and create a static route on the core router, so that when we plug in the bypass cable it will work as it is supposed to. I have made what I feel are the necessary changes, but I just want to reach out just in case I missed something. :/
From my router config and command this is what I have done so far:
show vlan
96 DMZ-Traffic Port None 0x0000 Yes IVL No Port Members: 4/13
Vid ifIndex Address Mask MacAddress Offset Routing
Primary Interfaces
1 10001 10.188.16.1 255.255.240.0 00:1A:8F:69:B4:40 1 Enabled
96 10096 172.30.188.11 255.255.255.0 00:1A:8F:69:B4:42 3 Enabled
ip routing
interface vlan 96 ip address 172.30.188.11 255.255.255.0 3
show ip route static
IP Static Route
DEST MASK NEXT COST PREF LCNHOP STATUS ENABLE
0.0.0.0 0.0.0.0 10.188.16.5 1 5 TRUE ACTIVE TRUE
10.253.188.0 255.255.255.0 172.30.188.1 1 5 FALSE INACTV TRUE
exit