Virtual routers

Unanswered Question
Nov 10th, 2008

Hello

I need to separate two networks in my LAN, using a router with one public IP address. Will the concept of a virtual router work here?


If so, could someone give a brief configuration, assuming one router with static routing protocol?


Thank you




Jon Marshall Mon, 11/10/2008 - 04:12
User Badges: Super Blue, 32500 points or more; Hall of Fame, Founding Member; Cisco Designated VIP, 2017 LAN, WAN

Ala


Could you provide a few more details, i.e. you say you have one router with one public IP address and you want to separate 2 networks. What exactly do you mean by this?


What is your router model, how many interfaces does it have, etc.?


Jon

alaeldien Mon, 11/10/2008 - 04:20

Hello Jon

Thank you for your immediate response.


I have a Cisco 1841 router with a serial interface and 2 Ethernet interfaces. I want to separate 2 networks, i.e. the Sales guys cannot access those in the Administration Dept, through one public IP address assigned from the ISP. Is this separation possible through subnetting or a virtual router?

I hope I expressed my needs clearly.

Thanks

Jon Marshall Mon, 11/10/2008 - 04:31

Ala


Do you have a switch that your internal users are connected to? If so, it is relatively easy to do what you want. So on your switch you would create 2 VLANs:


switch(config)# vlan 10
switch(config-vlan)# name admin_vlan

switch(config)# vlan 11
switch(config-vlan)# name sales_vlan


Then connect fa0/0 on your 1841 to one of the switchports, e.g. gi0/1, and on the switch:


int gi0/1
switchport access vlan 10


Connect fa0/1 on your 1841 to another of the switchports, e.g. gi0/2:


int gi0/2
switchport access vlan 11


On the 1841 router:


access-list 101 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit ip any any


int fa0/0
ip address 192.168.5.1 255.255.255.0
ip nat inside


int fa0/1
ip address 192.168.6.1 255.255.255.0
ip nat inside
ip access-group 101 in


int s0/0
ip nat outside


Then just allocate sales and admin PCs into their respective VLANs on the switch using the "switchport access vlan ..." command.


Each admin PC needs its default-gateway set to 192.168.5.1

Each sales PC needs its default-gateway set to 192.168.6.1


The above config will allow your sales and admin people to access the Internet and it will also stop your sales people connecting to admin machines.


Obviously you will need to modify the IP addressing etc. to meet your needs.


Jon
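
Added example, not part of the original thread or of Jon's post: a small Python model of how the router evaluates access-list 101 from the reply above (wildcard masks, first match wins, implicit deny at the end), run on constructed sample packets. Function names and the sample host addresses are assumptions; the model covers only the ACL decision, not NAT or routing.

```python
import ipaddress

# ACL 101 as posted: (action, source, source wildcard, destination, destination wildcard)
ACL_101 = [
    ("deny", "192.168.6.0", "0.0.0.255", "192.168.5.0", "0.0.0.255"),
    ("permit", "any", None, "any", None),
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    if base == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def evaluate(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, s_base, s_wc, d_base, d_wc in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "deny"

def forwarded(in_iface, src, dst):
    """ACL 101 is applied only inbound on fa0/1 (sales); fa0/0 has no ACL."""
    if in_iface == "fa0/1":
        return evaluate(ACL_101, src, dst) == "permit"
    return True

# Constructed sample packets: (label, ingress interface, source, destination)
SAMPLES = [
    ("sales PC -> admin PC", "fa0/1", "192.168.6.20", "192.168.5.10"),
    ("sales PC -> Internet host", "fa0/1", "192.168.6.20", "203.0.113.7"),
    ("admin PC -> sales PC", "fa0/0", "192.168.5.10", "192.168.6.20"),
    ("sales reply -> admin PC", "fa0/1", "192.168.6.20", "192.168.5.10"),
]

def run():
    """Return {label: True if the router forwards the packet}."""
    return {label: forwarded(i, s, d) for label, i, s, d in SAMPLES}

if __name__ == "__main__":
    for label, ok in run().items():
        print(f"{label:28} {'forwarded' if ok else 'dropped'}")
```

Because the ACL is stateless, the last sample shows that replies from sales hosts to admin-initiated connections are dropped as well, so the separation applies in both directions for two-way traffic.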




