
Layer 3 switch Inter-vlan routing with TZ400

Hi,

I am new to SonicWall firewalls and this community. All our branch offices use a TZ400 as a firewall and router, and an Aruba 2540 layer 3 switch as the core switch.

Previously, I was able to use Router-on-a-stick to enable inter-VLAN routing by creating a sub-interface with a VLAN ID on the TZ400 and enabling DHCP for each sub-interface. On the switch, each VLAN interface (SVI) has an IP address, and I added a static route to the firewall sub-interface (the network default gateway). I copied some of the switch configuration here.



My question is: is this the correct way to set it up? Although it works, using SVI layer 3 inter-VLAN routing should not need sub-interfaces on the router/firewall, which is the requirement of a Router-on-a-stick setup. Am I correct?


Could you give me some idea or reference? Thanks for your time.

Category: Entry Level Firewalls

Best Answers

  • CORRECT ANSWER
    Arkwright All-Knowing Sage ✭✭✭✭
    Answer ✓

    The route statements on the switch don't make any sense, why would you have a route to a network that the switch already has an IP in, via something else also in the same network?

    You need to decide what is doing the routing, the firewall or the switch. If both devices have IPs in all networks then you will end up with connections taking a "triangular" route which the switch won't care about but the Sonicwall's state tracking will get upset with.

  • CORRECT ANSWER
    TKWITS Community Legend ✭✭✭✭✭
    Answer ✓

    @Arkwright "why would you have a route to a network that the switch already has an IP in, via something else also in the same network?"

    I have seen this so many times it becomes nauseating when I have to deal with it.
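The check Arkwright describes can be run over a switch configuration before it is deployed. The following is an added example, not part of the original thread: it assumes ArubaOS-Switch style `ip address` and `ip route` lines, and the sample configuration and its addresses are constructed, not the poster's.

```python
import ipaddress
import re

# Constructed sample in ArubaOS-Switch style; addresses are illustrative,
# not the configuration from the post.
SAMPLE_CONFIG = """\
ip routing
vlan 10
   ip address 192.168.10.2 255.255.255.0
   exit
vlan 20
   ip address 192.168.20.2 255.255.255.0
   exit
ip route 0.0.0.0 0.0.0.0 192.168.10.1
ip route 192.168.10.0 255.255.255.0 192.168.10.1
ip route 192.168.20.0 255.255.255.0 192.168.20.1
ip route 10.50.0.0 255.255.0.0 192.168.10.1
"""

ADDR_RE = re.compile(r"^\s+ip address (\S+) (\S+)\s*$")
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)\s*$")

def audit_routes(config: str):
    """Return (destination, next_hop, reason) for suspicious static routes."""
    connected, routes = [], []
    for line in config.splitlines():
        if m := ADDR_RE.match(line):      # SVI address -> connected network
            connected.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif m := ROUTE_RE.match(line):   # static route: dest, mask, next hop
            dest = ipaddress.ip_network(f"{m[1]}/{m[2]}")
            routes.append((dest, ipaddress.ip_address(m[3])))
    findings = []
    for dest, hop in routes:
        if dest.prefixlen == 0:
            continue  # default route towards the firewall is expected
        if any(dest.subnet_of(net) for net in connected):
            reason = "destination is already directly connected"
            if hop in dest:
                reason += "; next hop is a second router in that same subnet"
            findings.append((str(dest), str(hop), reason))
        elif not any(hop in net for net in connected):
            findings.append((str(dest), str(hop), "next hop not on a connected subnet"))
    return findings

if __name__ == "__main__":
    for dest, hop, reason in audit_routes(SAMPLE_CONFIG):
        print(f"ip route {dest} via {hop}: {reason}")
```

A route flagged with the second reason means two devices hold a routing-capable address in the same VLAN, which is the condition that produces the "triangular" path the answer warns about.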
