06-17-2009 02:36 AM - edited 03-06-2019 06:18 AM
Hi,
I have a LAN using IP range 192.168.1.x. I am currently using a Cisco 857 ADSL router to provide internet access to all the PCs in the LAN.
I want to change the network so that IP addresses are separated into different departments, e.g. 192.168.10.x, 192.168.20.x. Each different network would be able to access the internet, mail server and the file server etc., but would not have access to each other.
Could this be achieved using ACLs on my existing router? The Cisco router only has 4 ports. Would I need to purchase an additional router or Layer 3 switch to do this?
Thanks
Nick
06-17-2009 03:47 AM
Hi Nick,
maybe this will point you in the right direction:
http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/dhcpvlan.html
hth
Ingo
06-17-2009 03:56 AM
Hello Nick,
be aware that depending on the IOS image version there can be a limit to only two vlans usable on the device.
Follow the link provided in the other post: you need to define the VLANs both at L2 and at L3. You can associate a port to a VLAN with
int f0/x
 switchport
 switchport mode access
 switchport access vlan Y
Hope to help
Giuseppe
06-17-2009 03:08 PM
Hi Nick,
850 series router will only allow ONE (1) VLAN. How about trying secondary IP Address?
06-18-2009 01:13 AM
Thanks for all the input, I've been doing some reading on the subject.
Would I be able to achieve this using a layer 3 switch?
06-18-2009 02:58 AM
Hi,
It's true, the 850 series only supports one vlan. :(
You would have to put a Layer3 switch behind it, and create a separate subnet connecting it to the cisco 857 (either by VLAN/SVI or routed port).
On the L3 switch create different VLANs and SVIs for your clients. Assign different ports to the desired client VLANs. Communication between the VLANs can be limited by ACLs applied to the SVIs.
On the L3 switch point a default route towards the Cisco 857, and don't forget to set appropriate routes on your Cisco 857 pointing back to the Layer 3 switch.
hth
Ingo
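The design described in the answer above, written out as IOS configuration. This is an added example, not part of the original thread: the VLAN numbers, the server subnet 192.168.100.0/24, the transit subnet 192.168.254.0/30 (857 at .1, switch at .2), the ACL names and the port number are all assumptions chosen for illustration.

```cisco
! Layer 3 switch. Constructed addressing: VLAN 10/20 = departments,
! VLAN 100 = mail/file servers, VLAN 254 = transit link to the Cisco 857.
ip routing
!
vlan 10
 name DEPT-A
vlan 20
 name DEPT-B
vlan 100
 name SERVERS
vlan 254
 name TRANSIT
!
! Inbound ACL per department SVI: allow DHCP requests (source 0.0.0.0),
! allow the server VLAN, block the other department, allow everything else.
ip access-list extended DEPT-A-IN
 permit udp any eq bootpc any eq bootps
 permit ip 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255
 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended DEPT-B-IN
 permit udp any eq bootpc any eq bootps
 permit ip 192.168.20.0 0.0.0.255 192.168.100.0 0.0.0.255
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 any
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip access-group DEPT-A-IN in
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 ip access-group DEPT-B-IN in
interface Vlan100
 ip address 192.168.100.1 255.255.255.0
interface Vlan254
 ip address 192.168.254.2 255.255.255.252
!
! Access port for a department A client (port number is a placeholder)
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
! Default route towards the Cisco 857
ip route 0.0.0.0 0.0.0.0 192.168.254.1
!
! Cisco 857: return routes pointing back to the Layer 3 switch
ip route 192.168.10.0 255.255.255.0 192.168.254.2
ip route 192.168.20.0 255.255.255.0 192.168.254.2
ip route 192.168.100.0 255.255.255.0 192.168.254.2
```

Because each ACL only permits packets sourced from its own subnet, it also drops spoofed source addresses arriving on that VLAN. If the 857 translates addresses with an ACL that matches only 192.168.1.0/24, the new subnets have to be added to that ACL before they can reach the internet.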
06-22-2009 01:52 AM
Thanks for all the information on this topic.
I'll order a layer 3 switch, then set up a test system. I'm sure I'll be back with more questions once I have the test system up and running.
Nick