DELL-Josh Cr
Moderator
9.5K Posts
August 26th, 2020 09:00
Hi Romain,
Which model switch are you using? You may need to run the ip routing command. Let us know if you have any additional questions.
bealdrid2
1 Rookie
117 Posts
August 26th, 2020 14:00
You have a Layer 3 interface (ip address) on both VLANs on the switch; so the routing is being done there (inter-vlan routing). I'm not sure removing just the IP from VLAN1 would be enough to get the job done.
If you want the traffic to traverse the firewall you have a few options. The simplest would just be to move all the L3 interfaces to the firewall, and just do a trunk of the two VLANs to the firewall. Hosts would use the firewall IP as the gateway. Alternatively, depending on the switch model, you could use VRFs to isolate the two routing domains and use VLAN sub-interfaces to the firewall. With this, each VRF would have a default route to the firewall, and the routing first hop can still be done on the switch. You would need routes on the firewall back to the server VLANs on the switch. Recommend something like OSPF to help with that. Best of luck.
KpRR
6 Posts
August 26th, 2020 16:00
Hey Josh,
Thanks for answering me.
I'm using an S5212F switch.
The show ip route is giving this result.
I would like to remove the second line of this routing table but I didn't find a way without removing the ip address of the VLAN 1.
----------------------------------------------------------------------------------------------------------
*S 0.0.0.0/0 via 10.51.1.1 vlan1 1/0 1 day 00:19:29
C 10.51.0.0/16 via 10.51.10.102 vlan1 0/0 1 day 00:10:08
C 10.70.10.0/24 via 10.70.10.150 vlan10 0/0 1 week16:11:58
DELL-Josh Cr
Moderator
9.5K Posts
August 26th, 2020 17:00
Did you change the default vlan? Page 244 https://dell.to/32wmq1Z
KpRR
6 Posts
August 27th, 2020 04:00
Yes, I changed it.
This is my VLAN topology:
NUM    Status  Description   Q Ports
1      Active  DEFAULT       T Eth1/1/3-1/1/5
                             T Po1000
                             A Po2,11
10     Active  SERVER        T Po2,11,1000
                             A Eth1/1/3-1/1/6
*4093  Active  Default_4093  A Eth1/1/1-1/1/2,1/1/7-1/1/8,1/1/9:1,1/1/10:1,1/1/15
                             A Po1000
4094   Active                T Po1000
My new default VLAN is 4093, and Po2 and 11 are used to go to the access switches (uplink).
DELL-Josh Cr
Moderator
9.5K Posts
August 31st, 2020 12:00
Thanks, yeah it is going to route between VLANs with IP addresses directly.
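Added example, not part of any post in this thread: a longest-prefix-match lookup over the routing table posted above, showing which destinations the switch routes itself and which it hands to the default gateway. It assumes 10.51.1.1 (the default route's next hop) is the firewall; the destination host addresses are constructed.

```python
import ipaddress

# Routing table as posted in the thread (show ip route on the S5212F).
ROUTES = """\
*S 0.0.0.0/0 via 10.51.1.1 vlan1 1/0 1 day 00:19:29
C 10.51.0.0/16 via 10.51.10.102 vlan1 0/0 1 day 00:10:08
C 10.70.10.0/24 via 10.70.10.150 vlan10 0/0 1 week16:11:58
"""

def parse_routes(text):
    """Return (type, network, next_hop, interface) tuples from the table."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "via":
            continue  # skip separators and anything that is not a route line
        kind = fields[0].lstrip("*")  # '*S' -> 'S' (static), 'C' -> connected
        routes.append((kind, ipaddress.ip_network(fields[1]),
                       ipaddress.ip_address(fields[3]), fields[4]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[1]]
    return max(matches, key=lambda r: r[1].prefixlen) if matches else None

def path_for(routes, dst, firewall):
    """Classify where the switch sends a packet addressed to dst."""
    route = lookup(routes, dst)
    if route is None:
        return "dropped"
    kind, _, next_hop, iface = route
    if kind == "C":
        # Connected route: the switch owns an IP in that VLAN and delivers directly.
        return f"switched locally out {iface} (firewall not in path)"
    if next_hop == ipaddress.ip_address(firewall):
        return f"forwarded to firewall {firewall} via {iface}"
    return f"forwarded to {next_hop} via {iface}"

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # Constructed destinations: a SERVER VLAN host, a VLAN 1 host, an outside host.
    for dst in ("10.70.10.20", "10.51.10.50", "192.0.2.10"):
        print(dst, "->", path_for(table, dst, "10.51.1.1"))
```

Any destination covered by a connected (C) route never reaches the default route, so traffic between the two VLANs stays on the switch for as long as both VLAN interfaces carry an IP address.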
KpRR
6 Posts
September 1st, 2020 01:00
I didn't find a way to do it.
We will just connect the firewall and move the routing part to the firewall.
Thanks
brent11K
6 Posts
September 14th, 2020 13:00
Yep, removing the IP from VLAN 1 would not be enough in this situation, I think.