4 Replies Latest reply on Feb 18, 2013 3:08 PM by levi

    Routing VLANs with shared access to the Internet through a FW

    beggstc New Member

      I have two VLANs that I want both to have access to the Internet through a firewall. I am using a NetVanta 1544 with two untagged VLANs and taking the trunk to a Netgear firewall. I have VLAN 10 as 192.168.10.1 and VLAN 11 as 192.168.11.1. I have found directions on how to do this using the Netgear firewall and a Netgear L3 switch. I have the firewall set up according to them but cannot get both VLANs to have Internet access at the same time. It is either one or the other. Anyone have any suggestions?

        • Re: Routing VLANs with shared access to the Internet through a FW
          Employee

          beggstc - Could you reply to this post with the configuration from the NetVanta 1544? Please remember to remove any information that may be sensitive to your network.

          I also had a few additional questions. You mentioned that you are only able to get one VLAN or the other to go out to the Internet at a time. What do you have to change to get this to happen? Also, have you tried running any ping tests from a PC in each VLAN? How far are you able to ping when attempting to route both VLANs to the Internet?

          Please do not hesitate to let us know if you have any questions.

          Thanks,

          Noor

            • Re: Routing VLANs with shared access to the Internet through a FW
              beggstc New Member

              Noor - Ended up figuring it out yesterday evening. The following is the configuration that I ended up with. I added a secondary IP on the FW for VLAN 20 and added routes on the FW for the other VLANs.

               

               

              vlan 1
                name "Default"
              !
              vlan 10
                name "192.168.10.0"
              !
              vlan 11
                name "192.168.11.0"
              !
              vlan 20
                name "192.168.20.0"
              !
              interface gigabit-switchport 0/1
                description MG2510
                no shutdown
                switchport access vlan 10
              !
              interface gigabit-switchport 0/2
                description Metaview Server
                no shutdown
                switchport access vlan 10
              !
              interface gigabit-switchport 0/3
                description MetaSphere EAS DSS1
                no shutdown
                switchport access vlan 11
              !
              interface gigabit-switchport 0/4
                description MetaSphere EAS DSS2
                no shutdown
                switchport access vlan 11
              !
              interface gigabit-switchport 0/5
                description SCON400#1
                no shutdown
                switchport access vlan 10
              !
              interface gigabit-switchport 0/6
                description Perimeta mgmt
                no shutdown
                switchport access vlan 10
              !
              interface gigabit-switchport 0/7
                description Perimeta Int Network
                no shutdown
                switchport access vlan 10
              !
              interface gigabit-switchport 0/8
                description Perimeta Int Network
                no shutdown
                switchport access vlan 10
              !
              interface gigabit-switchport 0/24
                no shutdown
                switchport mode trunk
                switchport trunk native vlan 20
              interface vlan 1
                ip address  10.10.10.1  255.255.255.0
                no awcp
                ip route-cache express
                no shutdown
              !
              interface vlan 10
                ip address  192.168.10.1  255.255.255.0
                no awcp
                ip route-cache express
                no shutdown
              !
              interface vlan 11
                ip address  192.168.11.1  255.255.255.0
                no awcp
                ip route-cache express
                no shutdown
              !
              interface vlan 20
                ip address  192.168.20.1  255.255.255.0
                no awcp
                ip route-cache express
                no shutdown
              !
              !
              !
              !
              !
              ip route 0.0.0.0 0.0.0.0 192.168.20.254
              !
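
The fix described in the post above (a transit VLAN 20 toward the firewall, plus routes on the firewall for the other VLANs) can be derived from the switch configuration itself. The following is an added example, not part of the original post or of any vendor tooling: it parses the posted `interface vlan` stanzas and default route and lists the return routes the firewall needs. The function names and the `internet_vlans` parameter are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the layer-3 lines of the switch configuration posted above.
SWITCH_CONFIG = """\
interface vlan 1
  ip address  10.10.10.1  255.255.255.0
!
interface vlan 10
  ip address  192.168.10.1  255.255.255.0
!
interface vlan 11
  ip address  192.168.11.1  255.255.255.0
!
interface vlan 20
  ip address  192.168.20.1  255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.20.254
"""

def parse_svis(config):
    """Map VLAN id -> IPv4Interface for each 'interface vlan N' stanza."""
    svis, vlan = {}, None
    for line in config.splitlines():
        head = re.match(r"interface vlan (\d+)\s*$", line)
        addr = re.match(r"\s+ip address\s+(\S+)\s+(\S+)", line)
        if head:
            vlan = int(head.group(1))
        elif addr and vlan is not None:
            svis[vlan] = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
        elif not line.startswith(" "):
            vlan = None  # left the stanza
    return svis

def firewall_return_routes(config, internet_vlans):
    """Return (transit_vlan, [(network, next_hop)]) the firewall must be given.
    internet_vlans is the operator's choice (assumption of this example)."""
    svis = parse_svis(config)
    m = re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
    if not m:
        raise ValueError("no default route in config")
    gateway = ipaddress.ip_address(m.group(1))
    transit = [v for v, i in svis.items() if gateway in i.network]
    if len(transit) != 1:
        raise ValueError("default gateway is not on exactly one SVI subnet")
    hop = svis[transit[0]].ip  # switch's address on the transit VLAN
    wanted = sorted(set(internet_vlans) - {transit[0]})
    return transit[0], [(svis[v].network, hop) for v in wanted if v in svis]
```

Passing only the VLANs that should reach the Internet (here 10 and 11) means the firewall gets no return route for other routed subnets such as VLAN 1 (10.10.10.0/24).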

                • Re: Routing VLANs with shared access to the Internet through a FW
                  Employee

                  beggstc -

                  I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.


                  Thanks,

                  Noor

              • Re: Routing VLANs with shared access to the Internet through a FW
                levi Employee

                beggstc:

                I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                Thanks,

                Levi