Layer 3 Switch configuration issue.

Planet / Wsgs3-24000
March 11, 2009 at 19:15:36
Specs: N/A
Hey guys!
I bought a Planet Layer 3 switch to install at my company.
I have two local subnets which are:
Now, after I configured the switch, both networks can see each other and can talk to each other with no problem. I am using a submask of to allow this to happen.
Now I have 10 VPN tunnels that come from outside the office, through my Checkpoint firewall and into the network. Now the issue I am having is that my Layer 3 switch is not letting me see the other subnets that come through the VPN tunnel. The networks I should see are:

How can I tell my switch so it sees those subnets and allow them to transmit to my local subnets?
For some reason the Checkpoint people told me I have to add a rule inside the switch to allow it to see the other subnets. So far I haven't seen a place where I can specify which subnets I want to allow into my VLAN or something.
What would be the steps I could use to configure this switch to allow me to see the VPN subnets?
I know you probably don't know the Planet Layer 3 switch but the configuration should be the same for any type of layer 3 switch.
I just have the default VLAN 1 specified on the switch. I haven't created any other VLANs.
Maybe the switch is dropping the packages that come through VPN? What might be happening?

Please help!
Thanks much in advance,



March 11, 2009 at 20:27:15
"I am using a submask of to allow this to happen."

Subnet mask has nothing to do with routing which is why this statement concerns me. If you were trying to supernet them then submask comes into play but you are routing so that makes no sense. is /16 not /24.

Please understand I am not jumping your case. I am just pointing out some informational misunderstandings.

I am going to make some suggestions but would advise you wait for a response from CurtR, who I believe has more practical experience in this area.

Assuming those subnets just pass thru to the port the Checkpoint firewall is connected to, all you have to do is route those subnets to the other two.

Vlans shouldn't have anything to do with it. Well, except all the subnets you want to route need to be in the same vlan.

I would suggest you stay away from vlan routing at this time since it appears you don't need it but if you want to tackle vlan routing at the same time of subnet routing... OK. Should be covered in the manual for the switch. You would establish a vlan route from each 192.168.x.0 to the x.x.1.x and x.x.20.x networks.

vlan routing and subnet routing are two different things which is why in the vlan interface you don't see anything about ip.


March 11, 2009 at 20:36:12
Sorry for the misunderstanding with the networks, you are right, they are 16, not 24.
I will stay away from VLAN routing.
There is a section on Routing inside the switch. I should tell it to route all traffic from 192.168.x.0 to my local subnets.
I hope CurtR can give us some feedback on the proper way to do it.
It is my first time configuring Layer 3 switches, I guess there is no better way to learn than just doing it yourself.

Hope I can solve it.
Thanks much for your feedback.



March 11, 2009 at 20:47:17
I am sure you can solve it. :-)

I would suggest setting all ports in the switch to vlan1. That will take out vlan routing. Then add routes as suggested and let us know how it works out.

Report •
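
The advice in the replies above, as an added illustration (not part of the thread and not Planet switch configuration): a wide mask only changes what a host treats as on-link, while reaching the VPN subnets requires a route on the switch pointing at the firewall. All addresses are constructed, since the thread's own subnets are not shown, and `RouteTable`, `on_link` and `build_switch` are hypothetical names.

```python
import ipaddress

# Constructed addresses (the thread's real subnets are not shown on the page).
LOCAL_A = "10.10.1.0/24"     # first local subnet, directly connected
LOCAL_B = "10.10.20.0/24"    # second local subnet, directly connected
VPN_NET = "192.168.50.0/24"  # one remote subnet behind a VPN tunnel
FIREWALL = "10.10.1.254"     # firewall interface that terminates the tunnels


def on_link(host_interface, dst):
    """True if a host with this address/mask treats dst as on its own subnet."""
    return ipaddress.ip_address(dst) in ipaddress.ip_interface(host_interface).network


class RouteTable:
    """Minimal longest-prefix-match table, like the one a layer 3 switch keeps."""

    def __init__(self):
        self.routes = []  # (network, next_hop); next_hop None = directly connected

    def add(self, prefix, next_hop=None):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in self.routes if addr in net]
        if not matches:
            return None  # no matching route and no default: packet is dropped
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        return hop or "connected"


def build_switch(with_vpn_route):
    """Switch with both local subnets, optionally a static route to the VPN subnet."""
    table = RouteTable()
    table.add(LOCAL_A)
    table.add(LOCAL_B)
    if with_vpn_route:
        table.add(VPN_NET, FIREWALL)  # static route: VPN subnet via the firewall
    return table


if __name__ == "__main__":
    # A /16 mask makes the other local subnet look on-link; a /24 does not.
    print("/16 on-link:", on_link("10.10.1.5/16", "10.10.20.7"))
    print("/24 on-link:", on_link("10.10.1.5/24", "10.10.20.7"))
    for flag in (False, True):
        hop = build_switch(flag).lookup("192.168.50.10")
        print("static route added:", flag, "-> next hop:", hop)
```
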


March 12, 2009 at 06:24:53
I'm not sure exactly what it is you're trying to achieve but it seems to me you've gone way into overkill on the VPN.

To my way of thinking you should establish one VPN tunnel between sites that carries all traffic (which is to say, all subnets/VLANs) between sites regardless of VLAN/subnet.

Then you would break out traffic at each end and route it according to destination subnet/VLAN.

Think of your VPN as a toll highway with tollbooths at each end. The cars are packets of data (people) all going to different places.

The road doesn't care where the people in the cars are going, only where the cars themselves need to go. So you pay your toll and go. When you get to the other end, you park and each person goes their separate way to their destinations.

What you seem to be trying to do is create an individual road for each person. When in reality, you only need one road and some way to break the traffic out at each end and redirect it once it gets there. That's where your router, or L3 switch, comes into play.

Does my analogy make any sense? I'm not the best teacher and I know it so if I'm confusing you, let me know and we'll try this from another angle.
