Single vlan for vendors to use, Internet access only

Jul 16th, 2007

Is there an easy way to set up a single VLAN with only access out to the Internet ?

How do you set this up and not have the VLAN be part of the existing network that is using OSPF?

Amit Singh Mon, 07/16/2007 - 08:45

What is your overall topology, and how is the Internet terminated or located on your network? What you have to do is eventually extend your network/VLAN as Layer 2 only and route this VLAN on the router or a Layer 3 switch to route the traffic to the Internet.

It would be nice to see the overall network topology and then guide you through the rest of the ideas. Please attach your network diagram.


-amit singh

wilson_1234_2 Mon, 07/16/2007 - 09:23

Thanks for the reply.

Attached is a simplified drawing.


When trying to create a VLAN on the 6509, I can create the Layer 3 with no problem and give it an address.

When I try to create Layer 2, I get an error message that I cannot while in VTP Client mode.

I have created VLANs on that switch before but do not remember seeing this.

Is it ok to change to server mode?

Amit Singh Mon, 07/16/2007 - 09:53

Hi Wilson,

Are you running VTP on your network? Do you have any other VTP server running on the network? If not, then it will be easy to change the client to server mode. If you are running a VTP server on your network, then create the L2 VLAN on that server and it will be propagated to the rest of your network.

The easiest design config here would be to have the PIX do the routing of your new vlan. Check if you have a spare port on your PIX 525. If yes, then simply connect that port and configure it as a guest internet DMZ and route it on the PIX. Set the PIX interface as the default gateway for that guest vlan client.

If you don't have a spare port on the 525, then you can create routing on the 6500 and then use VLAN ACLs and router ACLs to block the inter-VLAN traffic communication.

HTH, please rate if it does.

-amit singh

wilson_1234_2 Mon, 07/16/2007 - 10:16

Thanks for the reply.

There is OSPF running on the Switch.

The default gateway is pointing to the PIX.

So the only thing I need is to prevent the one VLAN from talking to the others and make sure it goes straight out to the Internet.

Are there any examples on how to do that?

Do you have an example on how I would do this?
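A sketch of the router-ACL option suggested above, routing the vendor VLAN on the 6500 and filtering it at the SVI. This is an added example, not a configuration posted by anyone in the thread. The VLAN number 999, the 10.99.0.0/24 subnet, the ACL name VENDOR-IN, and the treatment of all RFC 1918 space as "internal" are assumptions to replace with the real values.

```cisco
! Assumed values (not from the thread): VLAN 999, 10.99.0.0/24,
! internal networks = RFC 1918 space, ACL name VENDOR-IN.
!
! Layer 2 VLAN: on a VTP client this must be created on the VTP server instead.
vlan 999
 name VENDOR-INTERNET
!
ip access-list extended VENDOR-IN
 remark DHCP discover/request broadcasts from vendor clients
 permit udp any eq bootpc any eq bootps
 remark No access from the vendor subnet to any internal network
 deny   ip 10.99.0.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 10.99.0.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny   ip 10.99.0.0 0.0.0.255 192.168.0.0 0.0.255.255
 remark Everything else follows the default route to the PIX
 permit ip 10.99.0.0 0.0.0.255 any
 remark Spoofed or unexpected sources are dropped and logged
 deny   ip any any log
!
! Layer 3 gateway for the vendor VLAN. The first deny also covers the SVI
! address itself, so clients can route through 10.99.0.1 but not ping or
! manage it.
interface Vlan999
 description Vendor Internet-only access
 ip address 10.99.0.1 255.255.255.0
 ip access-group VENDOR-IN in
 no ip redirects
 no ip proxy-arp
!
! OSPF: make sure no "network" statement under the OSPF process matches
! 10.99.0.0/24, so the subnet is not advertised to the internal routers
! and no adjacency can form on the vendor VLAN.
```

With the subnet kept out of OSPF, the PIX needs a static route back to the vendor subnet via the 6500 and a NAT rule covering it. Vendor clients should use an Internet-reachable DNS server, or a specific permit for the internal resolver has to go above the deny lines.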

