Using Smoothwall Express With a Cisco Layer 3 Switch?

[FN-GM]

Hello,

This is more of a Networking question so i put it in here.

Please look at the attached diagram. This is what i am wanting to achieve in a test environment. I have setup the 3560 with 2 Vlans and they can communicate between each other no problem. I want to fit the Smoothwall express in the system like i the diagram.

How do i configure the Cisco switch so it has a route out to the Smoothwall box so we can get a net connection please?

Eventually i am looking to move something like this in production possibly using a big Smoothwall box.

Thanks

[FN-GM]

Please can we move this to the networks forum. I put this here by mistake :-)

[FN-GM]

Anyone please?

[twin--turbo]

en
conf t
ip route 0.0.0.0 0.0.0.0 ipofsmoothwall
exit
copy run start





You will need the smoothie to be on one of the vlans or create a new vlan and make sure IVR works.
you will also need routes on the smoothy back to the cisco.

[twin--turbo]

alternativly you can use

ip default-gateway ipofsmoothwall

[FN-GM]

Ok what if i have a 3rd VLAN that i dont want it to go via Smoothwall. Maybe to have no gateway or to go out via another gateway?

Thanks

[rwwest7]

Just create a route telling it which interface you want that subnet to go out on. The default route is only used if nothing else in the list matches.

Example:

ip route 172.16.188.252 255.255.255.252 FastEthernet 0/0

Edit: Sorry, misread your post. The above may not do what you're asking. You will need to use per vlan spanning tree to accomplish what you want. And you will need more switches.

[FN-GM]

Just create a route telling it which interface you want that subnet to go out on. The default route is only used if nothing else in the list matches.

Example:

ip route 172.16.188.252 255.255.255.252 FastEthernet 0/0

Edit: Sorry, misread your post. The above may not do what you're asking. You will need to use per vlan spanning tree to accomplish what you want. And you will need more switches.

@rwwest7 What does the IP route do please?

[FN-GM]

To route a specifc VLAN for example VLAN 502 to Smoothwall could i do this

ip route 172.20.2.0 255.255.255.0 ipofsmoothwall

Thanks

[FN-GM]

It turns out that Smoothwall express doesnt support multiple local subnets does anyone know of any alternatives please?

[twin--turbo]

Not sure about the smoothie.. what do you actually want it to do?

but to have a different DG, don't put an IP on the vlan interface and it won't route. Plug the other router into the vlan and have it issue DHCP to that vlan.

Rob

[FN-GM]

Well i want the VLANs to route.

Im just after a basic firewall to test some stuff

[cpjitservices]

ok best thing I can advise is this.

I dont know how smoothwall works but, if you want a basic firewall i'd do it in pfsense, and yes it supports multiple local subnets by grouping the Inteface IP's or adding IP's in as Aliasses, id go into the switches and add another vlan, add the vlan(s) on pfsense also and put DHCP on pfsense to serve on the vlans, if you have your internet connection plugged into the pfsense box it'll route to it anyway and aslong as you set your rules and gateways up properly, if traffic on VLAN 501 is destined for the internet Pfsense will forward it out of the gateway you specify (ie the internet) so you can get internet access but also that VLAN will access other parts of the network if you wish it to.#

Pfsense will route the vlans, give you internet access on the vlans if you wish, and you'll have either a simple or advanced firewall if you want.

[FN-GM]

Well i dont want it to route between the VLANS i want the L3 switch to do that.

Would i set a static route on the Switch so it knows for that vlan to go to pfsense? The DG of my clients will be the VLAN interface IP.

Something like

ip route 172.20.2.0 255.255.255.0 <ip of pfsense>

Basically i want it to act as a firewall and to get an internet connection to my test setup.

Thanks

[cpjitservices]

Just set pfsense as your default gateway.