Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dahlinkj
Contributor

Permitting internet on multiple networks

Jump to solution

I have two vlans on my network, vlan 2 of 10.201.0.0/16 and vlan 3 of 10.50.0.0/24, however, traffic on vlan 2 on which the LAN (eth0) interface is directly connected to can access internet and vlan 3 which is added to (eth0) as an alias with the IP address on the 10.50.0.0/24 network is not accessing internet.

 

From the vlan 3 network, on the checkpoint, I cannot ping any client machine on the same network, however from the switch directly connected to the checkpoint firewall can ping the firewall and from firewall and computers on vlan 2 can ping each other.

 

I have permitted/accepted all traffic on both networks on 10.201.0.0/16 and 10.50.0.0/24 to  any/internet. but when I ping 8.8.8.8 from a computer on vlan 3, I get an error of "address spoofing". see the image of the error log attached .

I will appreciate your support on this.

 

0 Kudos
1 Solution

Accepted Solutions
dahlinkj
Contributor

Thanks Sorin, you gave me a hint and later on the error : address spoofing , was able to resolve it by disabling the spoofing option on the networks. 

View solution in original post

0 Kudos
6 Replies
genisis__
Advisor

why do you have an alias?

If two vlans are connected to the same physical interface then it should be two logical interfaces connected to a trunk. So when you do a topo update it should only see (as an example)  eth0.2 & eth0.3.

 

0 Kudos
dahlinkj
Contributor

Hello genisis

Thanks for a prompt response, actually I would appreciate if you can share with me a tutorial on how to configure vlans or two logical interfaces on one interface connected to a trunk. I did configure an alias because I didn't know exactly what to do. 

much appreciated for your guide.

0 Kudos
Sorin_Gogean
Advisor

Have a look on this and you should get the ideea how things are done.

Also some youtube videos, you can start from there.

 

Roughly, you get 2 or more interfaces in a bond, and on the bond you define the Vlans(sub-interfaces) .

 

Ty,

0 Kudos
dahlinkj
Contributor

Thanks Sorin, you gave me a hint and later on the error : address spoofing , was able to resolve it by disabling the spoofing option on the networks. 

0 Kudos
Sorin_Gogean
Advisor

hello @dahlinkj ,

 

glad to be of help, still disabling Spoofing is not a GOOD option....

I would look into making Spoofing groups that we attach to the interfaces, and we manage that; or look into define the spoofing based on routing.

disabling Spoofing is not OK...

 

thank you,

0 Kudos
dahlinkj
Contributor

@Sorin 

I will appreciate  if you can share any info on this , best practice . 

0 Kudos