Creating LAN subnets

Answered Question
Jun 17th, 2009

Hi,

I have a LAN using IP range 192.168.1.x. I am currently using a Cisco 857 ADSL router to provide internet access to all the PC's in the LAN.

I want to change the network so that IP addresses are separated into different departments, eg 192.168.10.x, 192.168.20.x. Each different network would be able to access the internet, mail server and the file server etc, but would not have access to each other.

Could this be achieved using ACL's on my existing router? The Cisco router only has 4 ports, would I need to purchase an additional router, or layer 3 switch to do this?

Thanks

Nick

I have this problem too.
0 votes
Correct Answer by ivarnhagen about 7 years 5 months ago

Hi,

It's true, the 850 series only supports one vlan. :(

You would have to put a Layer3 switch behind it, and create a separate subnet connecting it to the cisco 857 (either by VLAN/SVI or routed port).

On the L3 switch create different VLANs and SVI's for your clients. Assign different ports to the desired Client VLANs.Communication between the VLANs can be limited by ACL's applied to the SVIs.

On the L3 switch point a default route towards the Cisco857, and dont forget to set appropriate routes on your Cisco 857 pointing back to the Layer 3 Switch.

hth

Ingo

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Giuseppe Larosa Wed, 06/17/2009 - 03:56

Hello Nick,

be aware that depending on the IOS image version there can be a limit to only two vlans usable on the device.

Follow the link provided in the other post you need to define the vlans both at L2 and at L3 you can associate a port to a vlan with

int f0/x

switchport

switchport mode access Y

Hope to help

Giuseppe

Leo Laohoo Wed, 06/17/2009 - 15:08

Hi Nick,

850 series router will only allow ONE (1) VLAN. How about trying secondary IP Address?

nickc1976 Thu, 06/18/2009 - 01:13

Thanks for all the input, I've been doing some reading on the subject.

Would I be able to achieve this using a layer 3 switch?

Correct Answer
ivarnhagen Thu, 06/18/2009 - 02:58

Hi,

It's true, the 850 series only supports one vlan. :(

You would have to put a Layer3 switch behind it, and create a separate subnet connecting it to the cisco 857 (either by VLAN/SVI or routed port).

On the L3 switch create different VLANs and SVI's for your clients. Assign different ports to the desired Client VLANs.Communication between the VLANs can be limited by ACL's applied to the SVIs.

On the L3 switch point a default route towards the Cisco857, and dont forget to set appropriate routes on your Cisco 857 pointing back to the Layer 3 Switch.

hth

Ingo

nickc1976 Mon, 06/22/2009 - 01:52

Thanks for all the information on this topic.

I'll order a layer 3 switch, then set up a test system. I'm sure I'll be back with more questions once I have the test system up and sunning.

Nick

Actions

This Discussion