ISP IN 2 VLANS OUT ?

Answered Question
Sep 4th, 2010
User Badges:

Hello,


Our Internet Service Provider , give us a cable modem that we need to connect to a switch , from this switch , one go to the TV SET TOP BOX and the other one is normal PC's for internet.


When I look in the TV MENU of the Set Top Box , the IP is in the range of 10.0.x.x /16

When I look in the PC they are in the range of 192.168.1.x /24 (I can only have 1 PC at the time)


This means that they use some VLANS , where the INTERNET in maybe in VLAN 1 and the STB in VLAN ?


Now I come to the question :

I have a CISCO 1841 ROUTER  (2 Fast Ethernet)

The idea , F0/0 is from my ISP , F0/1 go to my CISCO 2960 SWITCH (TRUNK)


I would like to have from F0/0 to F0/1 a "direct connection" in a certain VLAN x

This is the first step IN F0/0 = OUT F0/1 (NO ROUTING ; NO FIREWALL ; NOTHING)


The next step  , I would like to have a other VLAN that have DHCP ; ROUTING ; Etc


Both  VLANS will come out in one trunk and I will filter them out in the CISCO 2960 SWITCH.


I know how to create VLANS ,NAT ,ROUTING TABLES , but I have no clue how to make a trunk out of my router.


Here below in a small drawing what I would like to archive :



                                                               >  OUT F0/1 10.0.x.x in VLAN X                                                 

ISP 10.0.x.x /16 + 192.168.1.x/24 IN F0/0  >

                                                               > OUT F0/1 192.168.100.x in VLAN Y (NOTE THE IP RANGE 192.168.100.x)


Thank you in advance for your input 


Best Regards,

Didier.

Correct Answer by Giuseppe Larosa about 6 years 8 months ago

Hello Didier,

you probably still need to go with a packet capture to see vlan tags as a LAN switch allows or denies tagged frames depending on the fact the port is configured as a trunk and the vlan-ids are present or not in the vlan database.


Note: for the IPTV service each TV channel is a different multicast stream and the network may be configured to allow only one stream at a given time so you may not be able to connect two set top boxes and to see two different TV programs on them.

To be noted that if the network does not perform this control the risk is that you can use too much bandwidth on the IPTV part resulting in bad quality.



Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Giuseppe Larosa Sat, 09/04/2010 - 04:25
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Didier,


>> I can only have 1 PC at the time


Ok connect the router in place of  the PC and makes it to get an ip address by DHCP.

That interface is the router outside for NAT and what you connect on the internal network of your choice will be NATTED by the router


int f0/0

ip address dhcp

ip nat outside



int f0/1

ip address 172.31.21.1 255.255.255.0

ip nat inside



access-list 111 permit ip 172.31.21.0 0.0.0.255 any


ip nat inside source list 111 interface fas0/0 overload


ip route 0.0.0.0 0.0.0.0 dhcp

! check the dhcp option on your router otherwise you could try to use ip route 0.0.0.0 0.0.0 fas0/0 but this relies on proxy ARP enabled on ISP


What you would like to do is more difficult to achieve you should first find out what these vlans are X=10 Y=20  for example and I'm not sure you can bridge at the subinterface level



interface fas0/0

no ip address

int fas0/0.10

enc dot1q 10

bridge-group 1

int fas0/0.20

enc dot1q 20

ip address dhcp

ip nat outside


interface fas0/1

no ip address

interface fas0/1.10

enc dot1q 10

bridge-group 1


But the point is that I'm not sure your C1841 supports per subinterface bridging and unless you would like to connect multiple PCs to internet and mutiple set top boxes ( but then how to receive two different TV channels ?) the first setup is simpler and works for sure only some possible issues with static default route


Hope to help

Giuseppe

Lei Tian Sat, 09/04/2010 - 05:03
User Badges:
  • Cisco Employee,

Hi Didier,


You can first capture the traffic from cable modem see what VLANs it is using. Once we know the VLANs I will do something like the following


fa0/0

fa0/0.X

en do X

ip add dhcp

int fa0/0.Y

en do Y

ip add dhcp


ip dhcp pool STB

network 172.16.1.0/24

default-router 172.16.1.1

import all

ip dhcp pool PC

network 172.16.2.0/24

default-router 172.16.2.1

import all


fa0/1.X

en do X

ip add 172.16.1.1

fa0/1.Y

en do Y

ip add 172.16.2.1


add all the NAT rules ...


Not same as what you are looking for, but that gives you different vlans for STB and PC, and use different IP when traffic leaves cable modem.


Regards,

Lei Tian

Didier1966 Sat, 09/04/2010 - 14:08
User Badges:

Hello,


Thank you both for this useful reply.


Is it possible to trace the VLAN's that I have on my network or do I have to use wireshark ?


Thank You Again for our great help.


Best Regards,

Didier.

Lei Tian Sat, 09/04/2010 - 15:42
User Badges:
  • Cisco Employee,

Hi Didier,


Is your current switch a L2 switch? Can you see its config?


Regards,

Lei Tian

Didier1966 Sun, 09/05/2010 - 00:40
User Badges:

I have put the CISCO 2950 switch just after the MODEM of my provider.

Maybe I can use some IOS commands to see what the are doing.


Thank You in advance for your help

Best Regards,

Didier

Correct Answer
Giuseppe Larosa Sun, 09/05/2010 - 02:18
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Didier,

you probably still need to go with a packet capture to see vlan tags as a LAN switch allows or denies tagged frames depending on the fact the port is configured as a trunk and the vlan-ids are present or not in the vlan database.


Note: for the IPTV service each TV channel is a different multicast stream and the network may be configured to allow only one stream at a given time so you may not be able to connect two set top boxes and to see two different TV programs on them.

To be noted that if the network does not perform this control the risk is that you can use too much bandwidth on the IPTV part resulting in bad quality.



Hope to help

Giuseppe

Actions

This Discussion