Cisco 3750 and WatchGuard XTM530

Any advice needed.
I got a freshly configured Cisco 3750 switch and will be creating a new VLAN to add all our IP cameras (qty 40) that came in. Would it be better if the switch is configured as a DHCP server, or does the WatchGuard need to be configured as the DHCP server?



Thanks
jo1170 Asked:
bill30 Commented:
It depends on if your 3750 was a layer 3 switch or not if this is possible. You are probably better off configuring the WatchGuard as the DHCP server if that is where all of your other DHCP pools reside. If you have the cameras on a separate VLAN than the management interface for the switch, the switch may not be able to hand out DHCP to those clients.
0
jo1170 (Author) Commented:
It's a layer 3 switch. The reason I preferred doing it on the switch is to not put additional load on the Firebox. I managed to get it up on the switch and client cameras are getting IPs from the switch; however, I am not getting internet access when I tested with a laptop.

Maybe I need to create a trunk port from the switch to one of the optional ports on the Firebox.

Thanks
0
bill30 Commented:
You would need to make sure the switch and the WatchGuard have the respective ports set up as a trunk, and the VLANs are allowed in the trunk.

Also make sure the WatchGuard has an IP in the subnet/VLAN that the cameras are on, and set the DHCP from the switch to push the default-router as the IP of the WatchGuard that is on the camera VLAN.

You will need to make sure the WatchGuard is seeing the VLAN you set up as an inside interface, so that it will perform NAT to the outside for your internal camera VLAN users.
0
H-Singh (Technical Director) Commented:
No trunk port config needed.

You can have VLANs for internal networks.

Then, for the port on the 3750 that connects to the WatchGuard LAN port, just assign it an IP on the same subnet as the WatchGuard LAN.

e.g. WatchGuard LAN IP = 172.16.10.10
then on the 3750
e.g. port 24 connected to the WatchGuard
interface GigabitEthernet1/0/24
 no switchport
 ip address 172.16.10.1 255.255.255.0

Then on the 3750 have a default route:
ip route 0.0.0.0 0.0.0.0 172.16.10.10

And most important, a static route back on the WatchGuard to send traffic from the WatchGuard to the Cisco VLANs.

e.g. if you have one VLAN with IP 172.16.12.1/24
then on the WatchGuard create a static route
172.16.12.0/24    Gateway = 172.16.10.1 (Cisco switch IP)

This should do the trick.
I have a similar setup running in my network.
0
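The routed-uplink design from the answer above, combined with the switch-hosted DHCP pool the asker describes, as an added example that is not part of the original thread. The addresses are the ones used in the answer; VLAN ID 12, the pool name CAMERAS, the access port number and the excluded address range are assumptions.

```cisco
! Added example. Addresses come from the answer above; VLAN 12, the
! pool name CAMERAS, port Gi1/0/1 and the excluded range are assumptions.
!
! Without "ip routing" the 3750 does not route between the camera VLAN
! and the uplink, and the default route below is not used for transit.
ip routing
!
vlan 12
 name CAMERAS
!
interface Vlan12
 description Camera VLAN gateway (SVI)
 ip address 172.16.12.1 255.255.255.0
 no shutdown
!
! Keep the gateway and a block for statically addressed devices out of the pool
ip dhcp excluded-address 172.16.12.1 172.16.12.20
ip dhcp pool CAMERAS
 network 172.16.12.0 255.255.255.0
 ! In the routed design the clients' gateway is the switch SVI
 default-router 172.16.12.1
 ! dns-server <resolver the cameras should use>
!
interface GigabitEthernet1/0/1
 description Camera access port (assumed port number)
 switchport mode access
 switchport access vlan 12
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 description Routed uplink to WatchGuard LAN (172.16.10.10)
 no switchport
 ip address 172.16.10.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 172.16.10.10
!
! Checks, run from exec mode after applying:
!   show ip interface brief          (Vlan12 and Gi1/0/24 up/up)
!   show ip dhcp binding             (cameras holding 172.16.12.x leases)
!   show ip route                    (default route via 172.16.10.10)
!   ping 172.16.10.10 source Vlan12  (fails if the WatchGuard lacks the return route)
```

The WatchGuard side still needs the static route for 172.16.12.0/24 via 172.16.10.1 from the answer, and, as bill30 notes, must treat the camera subnet as an inside network so it performs NAT for it.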