Allow interface to share

[ColeTrain]

My question is currently about interfaces, but it also applies to vlans. How can you allow across subnets?

I have 2 interfaces. Ip range on one is igb1 - 192.168.1.0/24
IP range of the second is igb2- 192.168.69.0/24

On the igb2 69 2nd interface, I plug in a cisco switch. (That's it nothing on the switch.) 192.168.1.11.  So other ip range on this interface. Firewall rules all set to allow all on both interfaces . I can't access it from a computer on the 1st 192.168.1.0 range.

Everything I read says I should be able to access it. I have tried to read about "gateways" and "static routes" and it seems to say I don't need those. Any thoughts? Or do I?

[bartjsmit]

The interfaces and VLAN's are on Layer 2 of the stack. Devices can exchange a whole raft of protocols freely over Layer 2; IP, IPX, GRE, ICMP, etc.

The firewall enforces Layer 3 restrictions. Most of these are based on IP addresses and ranges.

It is good practice to ensure that an IP subnet overlaps with a (V)LAN to keep things easy to manage. However, there is nothing to stop you from having multiple IP subnets on a LAN or VLAN. Your firewall will just be unable from restricting communication between hosts. The host administrator can simply add an IP address in each subnet to communicate freely.

Otherwise, if the traffic goes between two IP subnets, you need a router to transfer the packets. Commonly the firewall is the default gateway for all subnets, so all connected devices can talk freely.

Bart...