Cat5500 with RSM excluding Vlans from routing

Discussion in 'Cisco' started by Yves, Oct 20, 2004.

  1. Yves

    Yves Guest

    Hi All,

    Let's imagine that we have 4 different vlans vlan2 vlan3 vlan4 and
    vlan5.

    I would like to be able to route between vlan2 and vlan3 but that
    vlan4 and vlan5 are not included in this routing.

    Example: I want to ping from vlan2 to vlan4 but I don't want that the
    router makes the route. I want that this packet is routed through
    vlan3 to an external firewall and then this firewall routes the
    package to vlan4.
    If the packet of vlan2 will be routed directly through the RSM, I will
    jump over the securities of the Firewall and this is what I want to
    avoid.

    Is there any possibility to get this working?

    Yves
     
    Yves, Oct 20, 2004
    #1

  2. :Let's imagine that we have 4 different vlans vlan2 vlan3 vlan4 and
    :vlan5.

    :I would like to be able to route between vlan2 and vlan3 but that
    :vlan4 and vlan5 are not included in this routing.

    :Example: I want to ping from vlan2 to vlan4 but I don't want that the
    :router makes the route. I want that this packet is routed through
    :vlan3 to an external firewall and then this firewall routes the
    :package to vlan4.

    :If the packet of vlan2 will be routed directly through the RSM, I will
    :jump over the securities of the Firewall and this is what I want to
    :avoid.

    :Is there any possibility to get this working?

    Don't do that. Don't send it through vlan 3: instead, make the
    port leading to the firewall part of vlan 2 (you can do that
    even if the ports are on different cards and using completely
    different media) and don't assign an IP address to vlan 2. Set the
    interface port on the firewall to have whatever IP address you need
    to satisfy the routing needs of the media connecting to vlan 2.
    Then bring back the firewall output on a different port-based vlan
    that you -do- assign an IP address to, and do whatever other routing
    you need by any of the standard methods.


    If that doesn't work for you (e.g., because you have multiple
    feeds into vlan 2 and you need the RSM to route between them
    without going through the firewall) then what you need to
    implement is Policy Based Routing (PBR). That's present in the base
    IP feature set as of 11.3(11)T, but if all you have available is
    11.2P then you either need a feature set that includes VIP or
    else the IP/IPX/AT/DEC feature set.
     
    Walter Roberson, Oct 20, 2004
    #2

  3. Yves

    Yves Guest

    The thing is that I have for each vlan a different network attached to
    it. Like for vlan2 I have 10.1.1.0/24 vlan3 10.1.2.0/24 vlan4
    10.1.3.0/24 vlan5 10.1.4.0/24

    Now if I ping from 10.1.1.1 to 10.1.2.1 then the RSM will take over
    the routing since all these networks are directly connected to the
    module. But if I ping from 10.1.1.1 to 10.1.3.1 I want that the packet
    cross the RSM to be routed to the firewall which is located in the
    10.1.2.0/24 network and then the firewall will bring the packet to the
    10.1.3.0/24 network.

    I don't want the RSM module routes the packet from 10.1.1.1 directly
    to 10.1.3.1.

    I don't know if this is possible....is there any possibility to create
    routing groups....like ok the RSM can route packets from vlan2 to
    vlan3 but is not able to route packets from vlan2 to vlan4...

    I hope that I was clear about my plans....but if not I will try to
    draw a small map :)

    Thanks a lot for the precious help.

    Yves
     
    Yves, Oct 21, 2004
    #3
  4. :Now if I ping from 10.1.1.1 to 10.1.2.1 then the RSM will take over
    :the routing since all these networks are directly connected to the
    :module. But if I ping from 10.1.1.1 to 10.1.3.1 I want that the packet
    :cross the RSM to be routed to the firewall which is located in the
    :10.1.2.0/24 network and then the firewall will bring the packet to the
    :10.1.3.0/24 network.

    :I don't know if this is possible....is there any possibility to create
    :routing groups....like ok the RSM can route packets from vlan2 to
    :vlan3 but is not able to route packets from vlan2 to vlan4...

    No, but you can use Policy Based Routing.
     
    Walter Roberson, Oct 21, 2004
    #4
  5. Hello, Yves!
    You wrote on 21 Oct 2004 00:40:09 -0700:

    Y> The thing is that I have for each vlan a different network
    Y> attached to it. Like for vlan2 I have 10.1.1.0/24 vlan3
    Y> 10.1.2.0/24 vlan4 10.1.3.0/24 vlan5 10.1.4.0/24

    Y> Now if I ping from 10.1.1.1 to 10.1.2.1 then the RSM will take
    Y> over the routing since all these networks are directly connected
    Y> to the module. But if I ping from 10.1.1.1 to 10.1.3.1 I want that
    Y> the packet cross the RSM to be routed to the firewall which is
    Y> located in the 10.1.2.0/24 network and then the firewall will
    Y> bring the packet to the 10.1.3.0/24 network.

    Y> I don't want the RSM module routes the packet from 10.1.1.1
    Y> directly to 10.1.3.1.

    Well, if you don't want RSM to route packets for Vlan4 and Vlan5 then just don't
    create them on RSM. Put a static route for them pointing to a firewall and
    that's it.

    With best regards,
    Andrey.
     
    Andrey Tarasov, Oct 21, 2004
    #5
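
The two approaches suggested in replies #4 and #5, sketched as IOS configuration on the RSM. This is an added example, not configuration posted by anyone in the thread; the firewall address 10.1.2.254, the ACL numbers and the route-map names are assumptions, and the subnets are the ones Yves gave in post #3.

```cisco
! --- Option A (reply #4): Policy Based Routing ---
! Assumption: the firewall's interface in vlan3 is 10.1.2.254.
! Traffic from vlan2 to the vlan4/vlan5 subnets is handed to the firewall
! instead of being routed directly between connected interfaces.
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.3.0 0.0.0.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.4.0 0.0.0.255
!
route-map VLAN2-VIA-FW permit 10
 match ip address 101
 set ip next-hop 10.1.2.254
!
interface Vlan2
 ip policy route-map VLAN2-VIA-FW
!
! Replies from vlan4 would otherwise be routed straight back to vlan2
! and a stateful firewall would see only one direction of the flow,
! so the return path gets its own policy (repeat for Vlan5).
access-list 102 permit ip 10.1.3.0 0.0.0.255 10.1.1.0 0.0.0.255
!
route-map VLAN4-VIA-FW permit 10
 match ip address 102
 set ip next-hop 10.1.2.254
!
interface Vlan4
 ip policy route-map VLAN4-VIA-FW
!
! --- Option B (reply #5): no routed interface for vlan4/vlan5 ---
! Assumption: the firewall has its own interfaces in vlan4 and vlan5,
! so the RSM only switches those vlans at layer 2 and never routes them.
no interface Vlan4
no interface Vlan5
ip route 10.1.3.0 255.255.255.0 10.1.2.254
ip route 10.1.4.0 255.255.255.0 10.1.2.254
```

Options A and B are alternatives, not one configuration. With option A the RSM still has a connected route to every subnet, so any source not matched by the policy ACLs is routed directly; option B removes that path altogether because the firewall becomes the only layer 3 hop into vlan4 and vlan5.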