Oct 7th, 2009


We have a private WAN IP network (WAN: consisting of five different subnets, each with their own IP (LAN) addressing space.

LAN 1=

LAN 2=


LAN 4=

LAN 5=

I need to be able to connect LAN 5 to LAN 3 (VLAN) - and route all Internet traffic from LAN 3 (VLAN) to a gateway on LAN 5 - while at the same time restrict LAN 5 from connecting to any of the other LANs.

The biggest problem I can't get my arms around is all of the 10.x networks involved. We also employ EIGRP on each router.

iholdings Wed, 10/07/2009 - 07:20

Logic check: Will this work?


LAN 5 router:

interface GigabitEthernet0/0
 description ***Connection to WAN***
 ip address
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto

interface GigabitEthernet0/1
 description *** LAN port ***
 ip address
 duplex auto
 speed auto

ON LAN 3 router:

ip dhcp pool JPI

interface GigabitEthernet0/1.14
 description ** LAN 5 **
 encapsulation dot1Q 14
 ip address
 ip access-group INETLAN5-ONLY in
 ip policy route-map INETONLYLAN5
 no snmp trap link-status

ip access-list extended INETLAN5-ONLY
 permit udp any any eq bootpc
 deny ip any
 deny ip any
 deny ip any
 permit icmp any any
 permit ip any any

ip access-list extended LAN5-INETONLY-NETS
 deny ip
 deny ip
 deny ip
 permit ip any
 deny ip any any

route-map INETONLYLAN5 permit 10
 match ip address LAN5-INETONLY-NETS
 set ip next-hop
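
How the two access lists in the configuration above interact, as an added example that is not part of the original post: the interface ACL is what drops packets, while a deny in the ACL matched by the route-map only exempts a packet from policy routing and leaves it to the normal routing table. Every subnet and the next hop below are constructed values (the thread's addresses are not shown), and the way sources and destinations are assigned to the ACL entries is an assumption.

```python
import ipaddress

# Constructed addressing; the thread's real subnets are not shown on the page.
INTERNAL = ["10.1.0.0/16", "10.2.0.0/16", "10.4.0.0/16"]  # LANs to keep isolated
VLAN14 = "10.3.14.0/24"                                   # the restricted VLAN
NEXT_HOP = "10.5.0.1"                                     # Internet gateway
ANY = "0.0.0.0/0"

# Entries are (action, protocol, source, destination, dst_port).
# Assumed layout: the interface ACL denies by destination, the route-map ACL
# matches VLAN14 as the source.
INETLAN5_ONLY = (
    [("permit", "udp", ANY, ANY, 68)]                      # eq bootpc
    + [("deny", "ip", ANY, net, None) for net in INTERNAL]
    + [("permit", "icmp", ANY, ANY, None), ("permit", "ip", ANY, ANY, None)]
)
LAN5_INETONLY_NETS = (
    [("deny", "ip", VLAN14, net, None) for net in INTERNAL]
    + [("permit", "ip", VLAN14, ANY, None), ("deny", "ip", ANY, ANY, None)]
)

def acl_action(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if a_port is not None and a_port != dport:
            continue
        if s in ipaddress.ip_network(a_src) and d in ipaddress.ip_network(a_dst):
            return action
    return "deny"

def forward(proto, src, dst, dport=None, inbound_acl=INETLAN5_ONLY):
    """Inbound interface ACL first, then the route-map (IOS input order)."""
    if inbound_acl is not None and acl_action(inbound_acl, proto, src, dst, dport) == "deny":
        return "drop"
    # A route-map ACL deny means "do not policy-route", not "drop".
    if acl_action(LAN5_INETONLY_NETS, proto, src, dst, dport) == "permit":
        return "policy-route via " + NEXT_HOP
    return "normal routing table"
```

Calling `forward(..., inbound_acl=None)` models the subinterface without `ip access-group`: traffic to the internal subnets is then forwarded by the normal routing table instead of being dropped. Because `permit udp any any eq bootpc` precedes the deny entries, UDP to destination port 68 passes the interface ACL whatever its destination.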

Leo Laohoo Wed, 10/07/2009 - 12:41

interface GigabitEthernet0/1
 description *** LAN port ***
 shutdown <--- Your LAN may NOT work.

iholdings Thu, 10/08/2009 - 03:59

Yes - I had that down prior to shipping the router to LAN5. The router is now up with LAN up, but neither LAN on both ends can see the other. I can ping hosts on LAN3 from the LAN5 router, but hosts behind each can't get to the other side.

iholdings Thu, 10/08/2009 - 04:02

Correction - from the router on LAN5 I can ping hosts behind LAN3 router - but I can only ping the LAN port on LAN5 router from the LAN3 router.

