Tuesday, June 19, 2018

Force VLAN traffic through firewall (Gateway or routing question)

I have been struggling with my first VLAN setup. We currently use the default VLAN1 (10.2.1.0/24) for a flat network and are adding a second VLAN (192.168.20.0/24). I want to send traffic between VLANs to the VLAN-aware firewall so I can restrict the type of traffic across VLANs. We have a switch on each floor, with a core Layer 3 switch acting as a router/gateway managing traffic. The core switch's default route is to the firewall. My PC's gateway is configured as the core switch and not the edge firewall. If I try to ping from my machine on VLAN1 to a machine on VLAN2, it fails and the firewall never sees the traffic. If I set my PC's default gateway to that of the firewall, everything works perfectly.

I am concerned about changing the default gateway on all PCs and devices from the core switch (where some routes are created) to the firewall. I am not sure what may break.

My question is this: It seems like the core switch/gateway is trying to handle the traffic destined to the new VLAN. How can I force traffic destined to the new VLAN to the firewall (already the default route of core switch)?

I have tried adding a static route, but it just seems to define the VLAN and not route traffic. My next thought is using an ACL to block inter-VLAN traffic at the switch level. Any tips or direction would be appreciated.

Thanks!
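To show why the static route described above changes nothing, here is an added example (not the poster's configuration) that simulates standard route selection, longest prefix first and then lowest administrative distance, on the core switch with the post's two subnets. It assumes Cisco-style distances (connected 0, static 1), that the core currently has an SVI in the new VLAN, and uses a placeholder firewall address.

```python
import ipaddress

# Placeholder for the firewall's address on VLAN1; the post gives no address.
FIREWALL = "10.2.1.1"


def best_route(routes, dst):
    """Pick the route for dst: longest prefix wins, ties broken by lowest AD."""
    addr = ipaddress.ip_address(dst)
    candidates = [
        (ipaddress.ip_network(prefix), ad, next_hop)
        for prefix, ad, next_hop in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        return None
    net, ad, next_hop = max(candidates, key=lambda r: (r[0].prefixlen, -r[1]))
    return str(net), next_hop


def next_hop(routes, dst):
    """Return only the next hop chosen for dst (None if unroutable)."""
    chosen = best_route(routes, dst)
    return chosen[1] if chosen else None


# Constructed table: core has an SVI in both VLANs (assumption), so it owns a
# connected route for 192.168.20.0/24, plus its default route to the firewall.
CORE_WITH_SVI = [
    ("10.2.1.0/24", 0, "connected Vlan1"),
    ("192.168.20.0/24", 0, "connected Vlan20"),
    ("0.0.0.0/0", 1, FIREWALL),
]

# The static route from the post: same prefix length as the connected route but a
# worse AD, so the connected route still wins and the firewall never sees the flow.
CORE_WITH_STATIC = CORE_WITH_SVI + [("192.168.20.0/24", 1, FIREWALL)]

# Without a VLAN 20 SVI the core no longer owns that subnet; the static route (or,
# failing that, the default route) via the firewall is now the best match.
CORE_NO_SVI = [
    ("10.2.1.0/24", 0, "connected Vlan1"),
    ("0.0.0.0/0", 1, FIREWALL),
    ("192.168.20.0/24", 1, FIREWALL),
]

if __name__ == "__main__":
    for name, table in (("SVI in both VLANs", CORE_WITH_SVI),
                        ("plus static route", CORE_WITH_STATIC),
                        ("no VLAN20 SVI", CORE_NO_SVI)):
        print(f"{name:>18}: 192.168.20.10 via {next_hop(table, '192.168.20.10')}")
```

If the core gives up its interface in the new VLAN, hosts in that VLAN need a gateway that the firewall provides (or reaches), otherwise their return traffic has no path. Whichever device holds the VLAN's gateway decides whether the firewall policy is actually enforced.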
