Routing – the proper switch configuration for the switch that is connected directly to ISP source

isplayer3routingswitchswitching

The Question: What is the proper configuration for the L3 switch to be allowed to assign public IPs for the firewalls?

I guess All I need is that the switch L3 act as a layer 2 switch…Right?

Update
1- The Same ISP provides two public subnets /29 ( wan 1 and wan 2)
2- SFP connectors are connected to Cisco 3650
3- The Firewalls are Fortigate and they are working as Routers (NAT Mode).

I just need to know:

what is the ports configuration on the layer 3 switch that will be connected to the ISP?
what is the ports configuration on the layer 3 switch that will be connected to the Firewalls? Or any device will be connected directly to the L3 switch to have a public IP?

Best Answer

Generally, you'd want to avoid plugging a switch directly into the ISP (even a layer 3) but if your Fortigate is acting as a router, you can use the switch by doing the following:

Assign it one of the IP's from your ISP. Switch your links to trunk link connecting to the router, and access links to the end users. Set your default gateway (including your gateway of last resort back to the ISP) and you should have a bare bones network.

You can spread out and run VLANs, but I would start with it as easy as possible, make sure it works, then add customization one piece at a time.

Related Solutions

Routing – Reconfiguring Layer3 Switch to enable IP routing and become the default gateway

I tried to upload a visio picture that shows what I think you are trying to accomplish, but I guess I need more reputation! You basically need to enable IP routing on the HP switch that will be the gateway, and add a default route. I definitely recommend using separate VLANs for your different networks. You will also need to make sure that your ISP router has a route back to your HP switch for your 192.168.1.0/24 network:

ISP Router

Int fa0/0    
Ip address X.X.X.1 255.255.255.252    
Ip route 192.168.1.0 255.255.255.0 X.X.X.2

HP Switch 1

Ip routing  
Vlan 10 name ISP  
Ip address X.X.X.2 255.255.255.252  
Untagged 1  
Vlan 20 name LAN  
Ip address 192.168.1.1 255.255.255.0  
Untagged 2-48  
Ip route 0.0.0.0 0.0.0.0 X.X.X.1

HP Switch 2

Ip default-gateway 192.168.1.1  
Vlan 20 name LAN  
Ip address 192.168.1.2 255.255.255.0  
Untagged 1-48

Cisco – Inter-VLAN Routing with Cisco 800 Series Router

Just connect the trunk port on your switch to FastEthernet0 on your router which you have configured as a trunk port. Also make sure that whatever equipment you have on those two networks have configured 192.168.10.80 and 192.168.1.69 respectively as default gateways. You should also have ip routing enabled which it should be by default.

It's very much like the typical "router on a stick" except for using vlan interfaces instead of subinterfaces.

If it doesn't work, verify the trunk link with show interface status and show interfaces trunk. You can also verify the vlan interfaces with show ip int brief and make sure they are up. If they are down it's probably because you haven't created the layer 2 vlans or because they are not allowed on the trunk.

Best Answer

Related Solutions

Routing – Reconfiguring Layer3 Switch to enable IP routing and become the default gateway

Cisco – Inter-VLAN Routing with Cisco 800 Series Router

Related Topic