Assigning Public IP's to Vlans

Unanswered Question
Jun 11th, 2009

I've been struggling with both the Cisco 1841 router and ASA 5505 in trying to assign public IP's on 2 vlans I'm trying to create so both vlans can be segmented but have controled traffic between each other via ACL's. The CLI on both the 1841 and the 5505 will not take a public ip on any of there additional eth ports.

I do have a Catalyst 3750 (ws-c3750g-24t-s) downstream from these devices that will allow me to assign a public ip on a port. I'm basically trying trying to split my ISP handoff to two vlans and providing public ip's to both aa well as restricting traffic between the two via ACL's. Since the additional ports on 1841 and 5505 are not true "WIC's", would this Catalyst allow me to acomplish the above said?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 06/11/2009 - 11:21

John


The 3750 would allow you to do this but you should be able to do this with the 1841. Is the card in your 1841 a HWIC-4ESW ?


If so you can assign these ports into vlans. So you could create the 2 vlans, create the L3 vlan interfaces for each vlan and then assign the ports into the relevant vlans.


Apologies if i have misunderstood.


Jon

jfwarren1 Thu, 06/11/2009 - 12:42

Thanks for ringing in here Jon. Yes the card is an HWIC-4ESW but the CLI will not accept a public ip for any of the 4 ports on that card, will only take private addresses.

Jon Marshall Thu, 06/11/2009 - 12:45

John


You need to create a vlan and then assign the public IP to the L3 vlan interface


1) vlan 20 name public


2) int vlan 20

ip address


3) int fa0/1 <--- fa0/1 is one of the 4 ports

switchport access vlan 20


Jon

jfwarren1 Thu, 06/11/2009 - 13:36

Thanks Jon, I went to the test bench and consoled into the 1841. As you know, when I do a:

1841(config)#int fastethernet 0/1/1

1841(config-if)#ip address


I get the following: "IP address may not be configured on L2 links."


When I try you way there is no way to "name" a vlan. These are the only options in config mode for vlan:


1841(config)# Vlan ?

accounting VLAN accounting config

id descr VLAN subinterface if descr


the command:

1841(config)#vlan 20 name public


is not reconized.


Thanks for your help

Jon Marshall Thu, 06/11/2009 - 13:45

John


Apologies, you need to use the vlan database command on the 1841 ie.


1841# vlan database


or


1841(config)# vlan database


It's been a while since i used vlan database so i can't remember which one is the correct one - think it's the first one :-).


Once you are in vlan database mode you can then configure the vlan.


Jon


jfwarren1 Thu, 06/11/2009 - 14:34

WOW that worked!!! Strange way to configure. So now I can do vlan routing and ACL's on the switches even though there L2?

Jon Marshall Thu, 06/11/2009 - 14:37

John


vlan database is the old way to configure vlans, it's not really used much these days.


You can apply your acl's to the L3 vlan interfaces and that will allow you to control traffic between the 2 vlans.


Jon

jfwarren1 Thu, 06/11/2009 - 14:44

Thank You. This has been quite an educational experience. I am only CCNA, and this vlan database was not covered in my studies. Thank you again. This item is fully resolved.

Actions

This Discussion