Inter VLAN Routing Without Physical Separation

Apologies for the random title, but I've got a quick query for people familiar with VLANs.

I have a site with a primary router, a Cisco 3640. It has one serial interface and two Fast Ethernet interfaces, all of which are on separate networks.

Hanging off the two Fast Ethernet interfaces I have a 24-port L2 managed switch that is VLAN capable.

Into the other ports on the switch I have multiple firewalls, each with unique addresses within the range of the network of the Fast Ethernet interface on the router.

Now my plan was to configure two VLANs on the switch, then use 802.1q encapsulation on the router to route between the VLANs. Unfortunately I have since found out that the IOS version doesn't support said feature, as it's using only the basic IP feature set, and I am unable to upgrade it due to hardware constraints.

My question is: would it be acceptable to simply plug all the devices into the switch as members of the native VLAN and let the laws of physics decide the outcome? I have tried this and it is successful; traceroutes show traffic passing through the router between the two networks connected. I imagine this is the case as each firewall has the router as its default gateway. Any suggestions or potential downfalls welcome.

The diagram below is what I would like to achieve. Please note that the IP addresses are fictitious, as well as the router/switch hardware, but it's close enough.

Current Setup

VlanP.jpg


Proposed Setup

Vlan.jpg
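The forwarding decision behind the traceroute result in the post above, as an added example that is not part of the original thread: each host picks its next hop from its own address, mask and default gateway, so on a single flat VLAN the router stays in the path only while every device's configuration keeps it there. All addresses are constructed (the thread's diagrams are not available) and the function names are hypothetical.

```python
import ipaddress

def next_hop(src_if, gateway, dst):
    """IP the sender ARPs for: dst itself if on-link, else the default gateway."""
    iface = ipaddress.ip_interface(src_if)
    dst = ipaddress.ip_address(dst)
    return dst if dst in iface.network else ipaddress.ip_address(gateway)

def path(src_if, gateway, dst, same_broadcast_domain):
    """Describe how a packet from src_if reaches dst on the given layer-2 layout."""
    hop = next_hop(src_if, gateway, dst)
    if hop == ipaddress.ip_address(dst):
        # Direct delivery only works if sender and target share a broadcast domain.
        if same_broadcast_domain:
            return "direct, router bypassed"
        return "unreachable at layer 2"
    return f"via router {hop}"

# Constructed sample values: two subnets, one per router Fast Ethernet interface.
GW_A = "192.168.10.1"
FW_A_OK = "192.168.10.11/24"    # firewall on network A, correct mask
FW_A_WIDE = "192.168.10.11/16"  # same firewall with an over-wide mask
FW_B = "192.168.20.11"          # firewall on network B

def scenarios():
    """Compare one flat native VLAN against two separate VLANs."""
    return {
        "flat, correct mask": path(FW_A_OK, GW_A, FW_B, True),
        "flat, wide mask": path(FW_A_WIDE, GW_A, FW_B, True),
        "vlans, correct mask": path(FW_A_OK, GW_A, FW_B, False),
        "vlans, wide mask": path(FW_A_WIDE, GW_A, FW_B, False),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:22} -> {result}")
```

With correct masks both layouts route through the router, which matches the traceroute observation; the layouts differ only when a device's addressing is wrong, where the flat VLAN delivers directly and separate VLANs contain the mistake.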
 
Last edited:
It might be useful to spell out what you are trying to achieve as an objective.

What I was after was to put each network on a separate VLAN on the switch, but as I am unable to do so, is it acceptable to place all the networks within the native VLAN, or is there another alternative?
 
is it acceptable to place all the networks within the native vlan

You would have to answer that one. It's hard to say without seeing the rest of the network, but it seems that you would only have the 4 firewalls connected. The 2 main reasons why I would use VLANs are security and increasing the number of broadcast domains, neither of which looks to be a big issue with the setup you have.
 
Exactly - what I was getting at earlier is why you want to VLAN in the first place. If all of the other kit is set up correctly it just seems like an unneeded excess.

I'm all for VLANs in the right circumstance but they add a level of complexity that often is not required.
 
Indeed, thanks for your comments :)