06-30-2007 10:07 AM - edited 03-03-2019 05:40 PM
I have a requirement to emulate our customer's network in our lab. The customer has three separate WANs coming in, and they are used to communicate with the internal servers for different purposes. Now I only have a single WAN handoff from our ISP with enough IPs to cover the requirements. How do I segregate it on a switch to satisfy the emulation?
Hardware: Cisco 6500
Public IP: 64-IP block
Want to:
Segment into 32, 16, and 16 IP blocks;
Each block should have its own gateway and its clients can access the Internet.
I believe this is what ISPs do to provide their customers with different block sizes of IPs. I am knowledgeable on how VLSM works. I am seeking information on how the switch needs to be configured. A sample configuration or an online doc would be greatly appreciated. Please kindly advise.
06-30-2007 10:16 AM
Hi,
Just configure three VLAN interfaces with mask /27 and /28 carving off the public prefix. If your link to the internet router is not on the 6500, use another subnet / VLAN (private address) to connect to it. That's it.
Hope this helps, please rate post if it does!
06-30-2007 10:30 AM
Thanks for your prompt response. Here is what I've done--
ISP provided:
64-IP block: 5.5.5.0/26
ISP side gateway: 5.5.5.1
On my Switch:
interface Vlan2
 ip address 5.5.5.33 255.255.255.240
!
interface Vlan3
 ip address 5.5.5.49 255.255.255.240
!
interface Vlan4
 ip address 5.5.5.2 255.255.255.224
!
ip classless
ip route 0.0.0.0 0.0.0.0 5.5.5.1
!
I have the client gateways set to the IP address of each VLAN (5.5.5.2, 5.5.5.33 and 5.5.5.49). Only the clients on VLAN4 can access the Internet. Others show "Destination unreachable" when pinging public IPs. Ports to clients on different VLANs are correctly configured and clients can ping their gateways.
06-30-2007 11:06 AM
Yes. The thing is that the ISP gateway at 5.5.5.1 believes that the whole /26 subnet is directly connected to its interface, which of course is not true. To work around that, make sure that you have "ip proxy-arp" enabled at least on the vlan4 interface. Also, do a tracert on the PCs and let's see where it ends.
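An added example, not part of any post in this thread: a Python check of the address plan posted above, using the thread's own addresses. It confirms the three subnets fit the /26 without overlapping and lists the subnets the ISP router will ARP for directly although they sit behind the switch, which is the situation the proxy-ARP advice addresses. The function names are hypothetical.

```python
import ipaddress

# Values taken from the thread above.
ISP_BLOCK = ipaddress.ip_network("5.5.5.0/26")   # the ISP router treats all of this as on-link
ISP_GATEWAY = ipaddress.ip_address("5.5.5.1")
SVIS = {                                         # switch VLAN interfaces as posted
    "Vlan2": ipaddress.ip_interface("5.5.5.33/28"),
    "Vlan3": ipaddress.ip_interface("5.5.5.49/28"),
    "Vlan4": ipaddress.ip_interface("5.5.5.2/27"),
}

def check_plan(block, svis):
    """Return problems: SVI subnets outside the block, or overlapping each other."""
    problems = []
    items = sorted(svis.items())
    for name, iface in items:
        if not iface.network.subnet_of(block):
            problems.append(f"{name} {iface.network} is outside {block}")
    for i, (a, ia) in enumerate(items):
        for b, ib in items[i + 1:]:
            if ia.network.overlaps(ib.network):
                problems.append(f"{a} and {b} overlap")
    return problems

def uplink_vlan(gateway, svis):
    """Name of the VLAN whose subnet contains the ISP gateway (the shared segment)."""
    for name, iface in svis.items():
        if gateway in iface.network:
            return name
    return None

def needs_proxy_arp(block, gateway, svis):
    """Subnets inside the ISP's on-link block that are not on the uplink segment."""
    up = uplink_vlan(gateway, svis)
    return {name: iface.network for name, iface in svis.items()
            if name != up and iface.network.subnet_of(block)}

if __name__ == "__main__":
    print("plan problems:", check_plan(ISP_BLOCK, SVIS) or "none")
    print("ISP gateway is on:", uplink_vlan(ISP_GATEWAY, SVIS))
    for name, net in needs_proxy_arp(ISP_BLOCK, ISP_GATEWAY, SVIS).items():
        print(f"{name} {net}: ISP router ARPs for these hosts on the uplink; "
              "the switch has to answer on their behalf (proxy ARP)")
```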