
Forum Discussion

oheymanns
Aspirant
Nov 26, 2018
Solved

M4300 Inter-VLAN routing not over default gateway

Hello Community,

I need your help, please. Maybe this topic has already been discussed here, but unfortunately I have found nothing. I have two questions about the switch.

1.
We have created a cluster of three 4300-52G switches, created VLANs and enabled VLAN routing. The PCs have got the right IPs for their VLANs, and the cluster also acts as the gateway. Intra-VLAN routing and access from the VLANs to the Internet also work.

My problem:

The packets are sent via the default route to my firewall. On my firewall (SonicWall) the packets also appear with the correct source IP but on the wrong interface (VLAN254). None of my firewall rules work with the wrong source VLAN.

My question:
Is there a way not to take the default gateway but to stay in the VLAN of the PCs?

2.
How can I prevent clients in a VLAN from accessing the web interface of the switch?

Switch
MGMT 10.21.254.240 (V254), GW 10.21.254.1
PCs 10.21.21.0/24 (V21)

Firewall
10.21.254.1 (V254)
PCs 10.21.21.1 (V21)

If you need more information, please let me know.
I would be very grateful for your help!

  • OK, thank you very much. I believe it won't work per your requirements with the current static routing. I would revert to a pure Layer 2 installation of your VLAN 12 and your VLAN 21. These two VLANs should not be "routing VLANs" anymore, and all their traffic should be sent straight to your firewall. A trunk with all VLANs should go to your firewall, and your firewall should act as the gateway for VLAN 12 and VLAN 21. This way, your firewall rules will function normally. schumaku, do you think the same?

    The switches' management VLAN 254 can remain a routing VLAN, in order to let all services function normally in the switch. I hope this helps.
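Why the firewall sees the PCs' packets on VLAN 254 in the original design, and on VLAN 21 after the change the accepted answer proposes, comes down to the switch's route lookup: the egress VLAN of a routed packet is the VLAN its next hop lives on, not the VLAN of the source host. The following is an added example (not code from this thread, from NETGEAR, or from SonicWall) that models both designs with the addresses given in the question; the VLAN membership of 10.21.21.0/24 and 10.21.254.0/24, the switch's route table, and the sample PC and Internet addresses are assumptions reconstructed from the post.

```python
# Added example, not code from the NETGEAR thread, NETGEAR, or SonicWall.
# It models the two designs discussed above with the poster's addresses;
# the VLAN memberships and the switch route table are assumptions
# reconstructed from the question.
import ipaddress

# Constructed topology from the thread: VLAN ID -> subnet living on it.
VLAN_SUBNETS = {
    21: ipaddress.ip_network("10.21.21.0/24"),    # PCs
    254: ipaddress.ip_network("10.21.254.0/24"),  # switch management, firewall
}
FIREWALL_ADDRESSES = {"10.21.254.1", "10.21.21.1"}  # firewall's V254 / V21 addresses

# Switch route table as deployed (design 1): connected routes for both
# routing VLANs plus the default route to the firewall's VLAN 254 address.
SWITCH_ROUTES = [
    (ipaddress.ip_network("10.21.21.0/24"), None),       # None = directly connected
    (ipaddress.ip_network("10.21.254.0/24"), None),
    (ipaddress.ip_network("0.0.0.0/0"), "10.21.254.1"),  # default gateway
]


def vlan_of(addr):
    """VLAN whose subnet contains addr, or None if it is not a local subnet."""
    ip = ipaddress.ip_address(addr)
    for vid, net in VLAN_SUBNETS.items():
        if ip in net:
            return vid
    return None


def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) tuples; returns the best tuple or None."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        if ip in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    return best


def firewall_ingress_vlan(src, dst, layer3_switch):
    """VLAN on which the firewall receives a packet src -> dst, or None if the
    packet never reaches the firewall.

    layer3_switch=True  : design 1, the switch routes VLAN 21 and forwards via
                          its default route (what the poster deployed).
    layer3_switch=False : design 2, VLAN 21 is pure layer 2 and the firewall's
                          10.21.21.1 is the PCs' gateway (the accepted answer).
    """
    if not layer3_switch:
        # The PC ARPs for 10.21.21.1 and hands the frame straight to the
        # firewall inside VLAN 21, so the firewall's ingress interface is V21.
        return vlan_of(src)

    match = lookup(SWITCH_ROUTES, dst)
    if match is None:
        return None
    _prefix, next_hop = match
    if next_hop is None:
        # Directly connected destination: the switch delivers it itself, so the
        # firewall only sees the packet if it is the destination.
        return vlan_of(dst) if dst in FIREWALL_ADDRESSES else None
    # Routed destination: the egress VLAN is the one the next hop lives on, so
    # every packet from 10.21.21.x reaches the firewall on V254, source unchanged.
    return vlan_of(next_hop)


if __name__ == "__main__":
    pc, internet = "10.21.21.50", "203.0.113.10"  # constructed sample addresses
    for l3 in (True, False):
        print(f"layer3_switch={l3}: firewall sees {pc} -> {internet} on VLAN",
              firewall_ingress_vlan(pc, internet, l3))
```

With `layer3_switch=True` the Internet-bound packet is matched by the default route and leaves the switch on VLAN 254, which is exactly the capture the poster describes: correct source IP, wrong ingress interface. With `layer3_switch=False` the same packet arrives on VLAN 21, so zone-based rules keyed on the source interface match again. Note that this is a consequence of plain destination-based static routing; nothing short of policy-based routing on the switch would change the egress VLAN per source subnet, which is why the accepted answer moves the gateway to the firewall instead.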

17 Replies

  • schumaku
    Guru - Experienced User

    Aehm, wild guess: this is because these PCs are using the SonicWall IP as the default gateway. In the "fun" of a static IP routing environment, you have to make the relevant switch routing interface the default gateway instead.

    • oheymanns
      Aspirant

      Hello schumaku,

      Thank you for your prompt reply.

      No, the switch is the gateway for the PCs. Please see the attachment below.

      • oheymanns
        Aspirant

        The second picture is the packet capture from my SonicWall. You can see the ingress interface.
