Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

how to implement accelar 1200 with vlan to access internet

Status
Not open for further replies.
technology04

technology04

Technical User
Joined
Oct 25, 2004
Messages
4
Location
CA
I have some baystack450-24 with vlans for different customers, trunking to nortel accelar1200 with tagged port, but we want to use watchguard firewall,firebox1000 or 2500(they didn't support 802.1Q trunk) to access internet, how to implement, any idea appreciate.
 
Sort by date Sort by votes
you need to make a new vlan for internett access, and make a default route on the PP1200, the passport must have the firebox as next hop..

 
Upvote 0 Downvote
thank you, Pederchr,
I will try it, as i know, default route can only be used in stub networks-those with only one exit path out of network, but i have more vlans, that means maybe they don't know where packets will be forward, right? please give me some points, thanks again
 
Upvote 0 Downvote
If I understand you correct you want to route every vlan to the GW ? or just one Vlan ?


Every vlan will use this default route, the PP1200 has no support for VR, or policy routing.



 
Upvote 0 Downvote
I create vlans for different tenants, so all tenants in different vlan should access to internet. i know if i use watchguard firebox vclass v60/80/100, implementation is very easy, also it is very secure.in this way, i don't need routing, just create different vlan,PCs in different vlan just set up firewall virtual port ip address as default gateway, that's all. but my company wants to use current firewall(they don't want to cost money any more), right now we have firebox1000/2500, they don't support vlan 802.1Q(trunking). so i have to think about other way. i think using routing system can work, let's say we have 4 vlan, vlan1, 2, 3 for different tenants, vlan4 for firewall, setup routing from 1,2,3 to 4 but in practice, it doesn't work,what's wrong? also i have to use ip filter to block inter-vlan connecting, but in practice, they still can ping each vlan. i need your help, proposal

thank you very much
 
Upvote 0 Downvote
Nortel Baystack uses the terminology VLAN to indicate what packets a port can receive, and PVID to indicate how packets that port sends are marked.

if the firewall is on VLAN 1,2, and 99 and PVID 99, then the firewall can see packets marked 1 and 2 and 99 and only sends packets marked 99 (the firewall may not need to be in VLAN 99 as it is the only device sending with a PVID of 99 but I always did)

the ports in both VLAN 1 and 99 which have a PVID of 1 cannot see VLAN 2 at all, but can see the firewall.

the ports in both VLAN 2 and 99 which have a PVID of 2 cannot see VLAN 1 at all, but can see the firewall.

I tried to remain child-like, all I acheived was childish.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

lneto
  • Locked
  • Question Question
inter vlan routing
Replies
0
Views
674
lneto
lneto
H
  • Locked
  • Question Question
Save Merge: Failed to save the Configuration Data
Replies
1
Views
468
Firebird Scrambler
Firebird Scrambler
AlfonsoSF
  • Locked
  • Question Question
how to configure a port with two or more vlans
Replies
0
Views
497
AlfonsoSF
AlfonsoSF
K
  • Locked
  • Question Question
FreePBX Asterisk SIP trunk with IPO 500 outbound calling
Replies
1
Views
388
Firebird Scrambler
Firebird Scrambler
tdhaslett
  • Locked
  • Question Question
Hotline setup to four cell phones
Replies
1
Views
830
tdhaslett
tdhaslett

Part and Inventory Search

Sponsor

Back
Top