Solved: Configure two LAN's to Route Through one ISP Connection

txlombardi_2 · ‎05-19-2010

I have a customer who has two totally separate LAN's (172.29.153.0/24 and 192.168.12.0/24) in their office. They even have two ISP's connected to two separate routers for the two separate LAN's so no traffic from one LAN ever has interaction with the other. They have Cisco 2811 and 1841 routers. The customer now wants to eliminate one ISP but still keep the LAN's separate.

My first thought was to just setup a VLAN, but some of their switch equipment will not support VLAN's.

So now I am thinking they can pull out one Ethernet router interface card from the 1841 and insert it into the 2811 (or just buy another Ethernet interface and install it). That way we can hook up the two LAN's but keep them separate while going out the same WAN interface. Each LAN will need traffic forwarded into servers on the respective LAN's but I don't see that as a problem.

Does anyone see this as not viable? Do you know where I can find a configuration example of multiple LAN's through one WAN interface. (I looked for a couple of hours, but could not find one). Does anyone have a better idea?

BTW, if this is the wrong place to post this question, please, point me in the right direction.

Thanks,

Tony

Jon Marshall · ‎05-19-2010

txlombardi wrote:

I have a customer who has two totally separate LAN's (172.29.153.0/24 and 192.168.12.0/24) in their office. They even have two ISP's connected to two separate routers for the two separate LAN's so no traffic from one LAN ever has interaction with the other. They have Cisco 2811 and 1841 routers. The customer now wants to eliminate one ISP but still keep the LAN's separate.

My first thought was to just setup a VLAN, but some of their switch equipment will not support VLAN's.

So now I am thinking they can pull out one Ethernet router interface card from the 1841 and insert it into the 2811 (or just buy another Ethernet interface and install it). That way we can hook up the two LAN's but keep them separate while going out the same WAN interface. Each LAN will need traffic forwarded into servers on the respective LAN's but I don't see that as a problem.

Does anyone see this as not viable? Do you know where I can find a configuration example of multiple LAN's through one WAN interface. (I looked for a couple of hours, but could not find one). Does anyone have a better idea?

BTW, if this is the wrong place to post this question, please, point me in the right direction.

Thanks,

Tony

It's perfectly viable and you won't find config examples as such because it is very straigthforward.

So you would connect the switch with LAN1 to one fa0/0 on 2811. LAN2 connect to fa0/1. Then they will both be able to route to the internet. If you want to restrict traffic between the 2 LANs just use acls eg.

LAN1 = 192.168.5.0/24

LAN2 = 192.168.6.0/24

access-group 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255

access-group 101 permit ip 192.168.5.0 0.0.0.255 any

int fa0/0

ip access-group 101 in

access-group 102 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255

access-group 102 permit ip 192.168.6.0 0.0.0.255 any

int fa0/1

ip access-group 102 in

If you are doing NAT on the router as well don't forget to add "ip nat inside" under your fa0/0 and fa0/1 interfaces and "ip nat outside" under the wan interface and the ip nat statement eg.

access-list 103 permit ip 192.168.5.0 0.0.0.255 any

access-list 103 permit ip 192.168.6.0 0.0.0.255 any

ip nat inside source list 103 interface overload

Jon

View solution in original post

Jon Marshall · ‎05-19-2010

txlombardi wrote:

I have a customer who has two totally separate LAN's (172.29.153.0/24 and 192.168.12.0/24) in their office. They even have two ISP's connected to two separate routers for the two separate LAN's so no traffic from one LAN ever has interaction with the other. They have Cisco 2811 and 1841 routers. The customer now wants to eliminate one ISP but still keep the LAN's separate.

My first thought was to just setup a VLAN, but some of their switch equipment will not support VLAN's.

So now I am thinking they can pull out one Ethernet router interface card from the 1841 and insert it into the 2811 (or just buy another Ethernet interface and install it). That way we can hook up the two LAN's but keep them separate while going out the same WAN interface. Each LAN will need traffic forwarded into servers on the respective LAN's but I don't see that as a problem.

Does anyone see this as not viable? Do you know where I can find a configuration example of multiple LAN's through one WAN interface. (I looked for a couple of hours, but could not find one). Does anyone have a better idea?

BTW, if this is the wrong place to post this question, please, point me in the right direction.

Thanks,

Tony

It's perfectly viable and you won't find config examples as such because it is very straigthforward.

So you would connect the switch with LAN1 to one fa0/0 on 2811. LAN2 connect to fa0/1. Then they will both be able to route to the internet. If you want to restrict traffic between the 2 LANs just use acls eg.

LAN1 = 192.168.5.0/24

LAN2 = 192.168.6.0/24

access-group 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255

access-group 101 permit ip 192.168.5.0 0.0.0.255 any

int fa0/0

ip access-group 101 in

access-group 102 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255

access-group 102 permit ip 192.168.6.0 0.0.0.255 any

int fa0/1

ip access-group 102 in

If you are doing NAT on the router as well don't forget to add "ip nat inside" under your fa0/0 and fa0/1 interfaces and "ip nat outside" under the wan interface and the ip nat statement eg.

access-list 103 permit ip 192.168.5.0 0.0.0.255 any

access-list 103 permit ip 192.168.6.0 0.0.0.255 any

ip nat inside source list 103 interface overload

Jon

txlombardi_2 · ‎05-19-2010

Thanks, Jon. I figured it was the way to go, but I needed some confirmation. Your reply was a big help. I appreciate you taking the time to answer my post.

Tony