Make a VLANs talk to the internet

fieryhail · ‎05-23-2009

Hello all,

I need help making a Cisco router and Catalyst 3550 talk. I'm new with VLANs and such, in fact new to Cisco stuff in general. I've learned a bit and I learn quick.

Does anyone have any idea how I can connect my router to the internet, preferably managing multiple public IPs, and then connect those public IPs to the VLANs in the Catalyst 3550. Assume I am starting from a blank config on both router and switch. I have 2 Ethernet interfaces on the router. I'm trying to setup VLANs on the Catalyst, and do the routing on there.

I need the cisco router to handle my 5 public IP addresses. I think I can do that by assigning each public IP to fa0/1 having one as a primary and the other 4 as secondary. Then have fa0/0 connect to the Catalyst and have 5 subnets on there. I want to map each subnet (and subsequently LAN PCs or servers) to a specific public IP.

192.168.1.0 --> 96.xxx.xxx.170

192.168.2.0 --> 96.xxx.xxx.171 and so on.

Every time I have tried setting this type of configuration up nothing works properly. I know the equipment I have can do it, I'm just not sure how to achieve it. I know I've been close, yet not close enough obviously. I'm pulling my hair out!I must have been missing something critical in my router or switch config, but i couldn't see what it was. After butchering stuff badly many times I decided to start fresh on both, again. So, starting with blank slate, can anyone give me any ideas? Thanks in advance.

andrew.prince · ‎05-24-2009

If you just want the router to do all the layer 3 routing, then the soulution is simple.

You need to use dot1q trunking on the router interface that connects to the switch via a TRUNK.

Then perform IP subnet NAT on the router.

HTH>

jimmysands73_2 · ‎05-25-2009

"Every time I have tried setting this type of configuration up nothing works properly."

Post your configs, and we can work through them with ya to straighten everything out.

Sam Smiley · ‎05-28-2009

This isn't really a complicated config that you need, it just needs great care in doing it. Things, especially access list need to be done in a given order.

On the router you will need to create route maps for each IP address that you want to use as well as an appropriate NAT translation for the route map. Once this is done you will also need to create access list that permit one subnet and deny others for a given public IP address. Lastly you will need to creat static routes or enable EIGRP/OSPF to build the appropriate routes back to each VLAN.

The switch config is simple create your VLANS and route them to the Cisco router. Personally I set assign a port on the switch that is a L3 port, the command is "no switchport", assign an IP address to the port that is in the same subnet as the router and connect the router to this port. However you can keep the port as a switchport as you wish.

I'll attach a couple of sample configs for you to review. Like I said it isn't really a difficult config it's just tedious.

In the attached sample config the first IP will be assigned to fa0/1, the others will be assigned to the route maps. Notice that in this sample config the VLAN addresses are segmented from 10.244.0.0/22, 10.24.40.0/24 & 10.13.13.0/30.

The permit lines in the access lists are the physical addresses that are permitted for a given IP address.