Assigning Public IP's to Vlans

jfwarren1 · ‎06-11-2009

I've been struggling with both the Cisco 1841 router and ASA 5505 in trying to assign public IP's on 2 vlans I'm trying to create so both vlans can be segmented but have controled traffic between each other via ACL's. The CLI on both the 1841 and the 5505 will not take a public ip on any of there additional eth ports.

I do have a Catalyst 3750 (ws-c3750g-24t-s) downstream from these devices that will allow me to assign a public ip on a port. I'm basically trying trying to split my ISP handoff to two vlans and providing public ip's to both aa well as restricting traffic between the two via ACL's. Since the additional ports on 1841 and 5505 are not true "WIC's", would this Catalyst allow me to acomplish the above said?

Jon Marshall · ‎06-11-2009

John

The 3750 would allow you to do this but you should be able to do this with the 1841. Is the card in your 1841 a HWIC-4ESW ?

If so you can assign these ports into vlans. So you could create the 2 vlans, create the L3 vlan interfaces for each vlan and then assign the ports into the relevant vlans.

Apologies if i have misunderstood.

Jon

jfwarren1 · ‎06-11-2009

Thanks for ringing in here Jon. Yes the card is an HWIC-4ESW but the CLI will not accept a public ip for any of the 4 ports on that card, will only take private addresses.

Jon Marshall · ‎06-11-2009

John

You need to create a vlan and then assign the public IP to the L3 vlan interface

1) vlan 20 name public

2) int vlan 20

ip address

3) int fa0/1 <--- fa0/1 is one of the 4 ports

switchport access vlan 20

Jon

jfwarren1 · ‎06-11-2009

Thanks Jon, I went to the test bench and consoled into the 1841. As you know, when I do a:

1841(config)#int fastethernet 0/1/1

1841(config-if)#ip address

I get the following: "IP address may not be configured on L2 links."

When I try you way there is no way to "name" a vlan. These are the only options in config mode for vlan:

1841(config)# Vlan ?

accounting VLAN accounting config

id descr VLAN subinterface if descr

the command:

1841(config)#vlan 20 name public

is not reconized.

Thanks for your help

Jon Marshall · ‎06-11-2009

John

Apologies, you need to use the vlan database command on the 1841 ie.

1841# vlan database

or

1841(config)# vlan database

It's been a while since i used vlan database so i can't remember which one is the correct one - think it's the first one :-).

Once you are in vlan database mode you can then configure the vlan.

Jon

jfwarren1 · ‎06-11-2009

WOW that worked!!! Strange way to configure. So now I can do vlan routing and ACL's on the switches even though there L2?

Jon Marshall · ‎06-11-2009

John

vlan database is the old way to configure vlans, it's not really used much these days.

You can apply your acl's to the L3 vlan interfaces and that will allow you to control traffic between the 2 vlans.

Jon

jfwarren1 · ‎06-11-2009

Thank You. This has been quite an educational experience. I am only CCNA, and this vlan database was not covered in my studies. Thank you again. This item is fully resolved.

Jon Marshall · ‎06-11-2009

No problem, glad to have helped.

Jon