Assume I have three vlans: 1, 2, and 3. They are 10.1.0.0, 10.2.0.0, and 10.3.0.0, respectively.
Each VLAN is available on the Force10 and the Firewall.
At the moment, the Force10 acts as a simple switch for all VLANs except vlan 1, which has workstations. Workstations in vlan 1 use the F10 as a default gateway, and there exist routes to direct traffic to the appropriate firewall. Workstations should route traffic through a primary firewall with content filtering and such (10.1.0.253), or to the secondary firewall which provides inter-vlan routing/ACLs (10.1.0.254). All other computers on all other vlans will access anything outside of their vlan using the secondary firewall (.254 on their respective subnet).
*S 0.0.0.0/0 via 10.1.0.253, Vl 1 250/0
S 10.0.2.0/24 via 10.1.0.254, Vl 1 1/0
S 10.0.3.0/24 via 10.1.0.254, Vl 1 1/0
This works fine; however, I would like to enable the IP address on all vlan interfaces on the F10, and have everything point their gateway at their respective F10 interface. But when I enable the IP address on Vlan 2 or 3, those static routes disappear from the routing table and I get:
C 10.2.0.0/24 Direct, Vl 2 0/0
C 10.3.0.0/24 Direct, Vl 3 0/0
So traffic from vlan 1 to vlan 2/3 stops getting routed to the firewall at .254.
Do I simply re-add the static routes again? I guess the question is: how do I add static routes for each vlan, such that each vlan has a different default gateway? And such that users on vlan 1 still use a gateway when accessing other vlans, instead of going through the F10 alone? I'm guessing the routing table would end up looking something like this:
*S 0.0.0.0/0 via 10.1.0.253, Vl 1 250/0
*S 0.0.0.0/0 via 10.2.0.253, Vl 2 250/0
*S 0.0.0.0/0 via 10.3.0.253, Vl 3 250/0
C 10.2.0.0/24 Direct, Vl 2 0/0
C 10.3.0.0/24 Direct, Vl 3 0/0
S 10.0.2.0/24 via 10.1.0.254, Vl 1 1/0
S 10.0.3.0/24 via 10.1.0.254, Vl 1 1/0
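Added example, not part of the original post: a small Python model of a destination-only route lookup (longest prefix first, then lowest distance) run over the routing table proposed above, reporting which destinations the switch would deliver itself instead of handing them to the firewall at .254. It assumes the route-line format exactly as pasted in the post and that the first number of the trailing pair is the distance; the function names are illustrative.

```python
import ipaddress
import re

# Constructed input: the routing table proposed in the post, in its own line format.
TABLE = """\
*S 0.0.0.0/0 via 10.1.0.253, Vl 1 250/0
*S 0.0.0.0/0 via 10.2.0.253, Vl 2 250/0
*S 0.0.0.0/0 via 10.3.0.253, Vl 3 250/0
C 10.2.0.0/24 Direct, Vl 2 0/0
C 10.3.0.0/24 Direct, Vl 3 0/0
S 10.0.2.0/24 via 10.1.0.254, Vl 1 1/0
S 10.0.3.0/24 via 10.1.0.254, Vl 1 1/0
"""

LINE = re.compile(
    r"^\*?([A-Z])\s+(\S+)\s+(?:via\s+([\d.]+)|Direct),\s+Vl\s+(\d+)\s+(\d+)/(\d+)$")

def parse_routes(text):
    """Return one dict per route line; lines that do not match are skipped."""
    routes = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            routes.append({
                "prefix": ipaddress.ip_network(m.group(2)),
                "next_hop": m.group(3) or "Direct",
                "vlan": int(m.group(4)),
                "distance": int(m.group(5)),  # assumption: first number of N/M
            })
    return routes

def forwarding(routes, dst):
    """Next hops a destination-only lookup selects; the source VLAN plays no part."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r["prefix"]]
    if not hits:
        return []
    longest = max(r["prefix"].prefixlen for r in hits)
    hits = [r for r in hits if r["prefix"].prefixlen == longest]
    best = min(r["distance"] for r in hits)
    return sorted(r["next_hop"] for r in hits if r["distance"] == best)

def switched_locally(routes, dst):
    """True when the switch delivers dst itself, so the firewall ACLs are not consulted."""
    return "Direct" in forwarding(routes, dst)

if __name__ == "__main__":
    routes = parse_routes(TABLE)
    for dst in ("10.2.0.5", "10.0.2.5", "8.8.8.8"):
        print(dst, forwarding(routes, dst), switched_locally(routes, dst))
```

In this model a host in 10.2.0.0/24 is reached through the connected route, and the three default routes are equal candidates for any outside destination because the lookup never sees which VLAN the packet came from.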