Creating LAN subnets

Answered Question
Jun 17th, 2009
User Badges:

Hi,


I have a LAN using IP range 192.168.1.x. I am currently using a Cisco 857 ADSL router to provide internet access to all the PC's in the LAN.


I want to change the network so that IP addresses are separated into different departments, eg 192.168.10.x, 192.168.20.x. Each different network would be able to access the internet, mail server and the file server etc, but would not have access to each other.


Could this be achieved using ACL's on my existing router? The Cisco router only has 4 ports, would I need to purchase an additional router, or layer 3 switch to do this?


Thanks


Nick

Correct Answer by ivarnhagen about 7 years 10 months ago

Hi,


It's true, the 850 series only supports one vlan. :(


You would have to put a Layer3 switch behind it, and create a separate subnet connecting it to the cisco 857 (either by VLAN/SVI or routed port).


On the L3 switch create different VLANs and SVI's for your clients. Assign different ports to the desired Client VLANs.Communication between the VLANs can be limited by ACL's applied to the SVIs.


On the L3 switch point a default route towards the Cisco857, and dont forget to set appropriate routes on your Cisco 857 pointing back to the Layer 3 Switch.


hth

Ingo

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Giuseppe Larosa Wed, 06/17/2009 - 03:56
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Nick,

be aware that depending on the IOS image version there can be a limit to only two vlans usable on the device.


Follow the link provided in the other post you need to define the vlans both at L2 and at L3 you can associate a port to a vlan with

int f0/x

switchport

switchport mode access Y


Hope to help

Giuseppe


Leo Laohoo Wed, 06/17/2009 - 15:08
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Hi Nick,


850 series router will only allow ONE (1) VLAN. How about trying secondary IP Address?

nickc1976 Thu, 06/18/2009 - 01:13
User Badges:

Thanks for all the input, I've been doing some reading on the subject.


Would I be able to achieve this using a layer 3 switch?

Correct Answer
ivarnhagen Thu, 06/18/2009 - 02:58
User Badges:

Hi,


It's true, the 850 series only supports one vlan. :(


You would have to put a Layer3 switch behind it, and create a separate subnet connecting it to the cisco 857 (either by VLAN/SVI or routed port).


On the L3 switch create different VLANs and SVI's for your clients. Assign different ports to the desired Client VLANs.Communication between the VLANs can be limited by ACL's applied to the SVIs.


On the L3 switch point a default route towards the Cisco857, and dont forget to set appropriate routes on your Cisco 857 pointing back to the Layer 3 Switch.


hth

Ingo

nickc1976 Mon, 06/22/2009 - 01:52
User Badges:

Thanks for all the information on this topic.

I'll order a layer 3 switch, then set up a test system. I'm sure I'll be back with more questions once I have the test system up and sunning.

Nick

Actions

This Discussion