I have some routes configured to route my MX to various VLANs on my distribution switch. For the "Next Hop" address I've been using the main gateway IP address on my core switch on all of my routes. What I'm wondering is, should I be using the gateway for the specific VLAN instead? For example, my native VLAN gateway IP is 10.25.62.254 and the gateway for VLAN80 is 10.25.80.254. Presently the Next Hop address for this route is 10.25.62.254, but should the route to VLAN80 use a Next Hop address of 10.25.80.254 instead? Or does this not matter as long as the Next Hop leads us back to my main switch?
Are the VLANs configured on the router or the switch? A good practice is to configure these at the core switch layer. The MX should only really be routing internet and VPN traffic. That way you can do a default route on the switch to the MX and then create specific layer 3 routes or ACLs as needed.
Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO If this was helpful click the Kudo button below If my reply solved your issue, please mark it as a solution.
Your best solution is as stated above by @PhilipDAth. You will build static routes on the MX firewall and point them to your core switch IP address since it is the gateway for the VLAN networks. With routing you only have the ability to point a route to another IP on the same subnet on your interfaces or out through the zero cloud route.