Friday, January 8, 2010

How to use a layer 3 switch and a firewall?

I have a layer 3 Cisco switch. I've made 10 VLANs with different IP address ranges, and I want each VLAN's users to be controlled by a firewall when they communicate with users in other VLANs. But my Cisco switch's layer 3 module simply routes all packets to their destinations because it recognizes them all as connected subnets.

How can I prevent this? I want all packets to go to the firewall, and then the firewall decides whether a packet is permitted or denied access to the other VLAN.
If they are all in the same switch, this is nearly impossible unless it's a Catalyst 6500 with a firewall blade. But I'm betting you're dealing with a 3750 or something similar.

You might be able to assign a next hop using policy-based routing, but I've never tried this. I'm not sure whether it would work or not. But that's the only way I can think of to get them through an external firewall.

You could set up access lists and apply them to the individual VLAN interfaces on the switch. It isn't stateful, but it might get you where you need to go.
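As an added illustration of the policy-based-routing approach the answer sketches (this is not configuration from the original post), here is what it looks like in Cisco IOS syntax. It assumes two user VLANs (10 and 20), a transit VLAN 99 shared with the firewall, and a firewall inside address of 10.0.99.2; all addresses and names are made up.

```cisco
! Assumed addressing (constructed for this example, not from the post):
!   VLAN 10 users   10.0.10.0/24   SVI 10.0.10.1
!   VLAN 20 users   10.0.20.0/24   SVI 10.0.20.1
!   VLAN 99 transit: switch 10.0.99.1, firewall inside 10.0.99.2
!
! Match traffic leaving a user VLAN for any other user VLAN.
! Traffic to the transit subnet is excluded so the firewall itself stays
! reachable; Internet-bound traffic is not matched here, add it if the
! firewall should see that too.
ip access-list extended USER-TO-USER-VLANS
 deny   ip 10.0.0.0 0.0.255.255 10.0.99.0 0.0.0.255
 permit ip 10.0.0.0 0.0.255.255 10.0.0.0 0.0.255.255
!
! Matched packets are handed to the firewall instead of being routed
! directly between the connected subnets.
route-map TO-FIREWALL permit 10
 match ip address USER-TO-USER-VLANS
 set ip next-hop 10.0.99.2
!
! Transit SVI toward the firewall. No policy is applied here, so packets
! the firewall sends back are routed normally to the destination VLAN.
interface Vlan99
 ip address 10.0.99.1 255.255.255.0
!
! Apply the policy on every user SVI (repeat for the remaining VLANs).
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip policy route-map TO-FIREWALL
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 ip policy route-map TO-FIREWALL
!
! The firewall needs routes for 10.0.10.0/24 and 10.0.20.0/24 via
! 10.0.99.1, plus rules that permit or deny the inter-VLAN flows; both
! directions of a flow pass through it because each user SVI is policied.
```

On a 3750-class switch PBR is only available with the routing SDM template (sdm prefer routing, which needs a reload), and hardware support for PBR varies by platform, so confirm with show route-map that the policy-routing match counters actually increase.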