Solved: ISP IN 2 VLANS OUT ?

Didier1966 · ‎09-04-2010

Hello,

Our Internet Service Provider , give us a cable modem that we need to connect to a switch , from this switch , one go to the TV SET TOP BOX and the other one is normal PC's for internet.

When I look in the TV MENU of the Set Top Box , the IP is in the range of 10.0.x.x /16

When I look in the PC they are in the range of 192.168.1.x /24 (I can only have 1 PC at the time)

This means that they use some VLANS , where the INTERNET in maybe in VLAN 1 and the STB in VLAN ?

Now I come to the question :

I have a CISCO 1841 ROUTER (2 Fast Ethernet)

The idea , F0/0 is from my ISP , F0/1 go to my CISCO 2960 SWITCH (TRUNK)

I would like to have from F0/0 to F0/1 a "direct connection" in a certain VLAN x

This is the first step IN F0/0 = OUT F0/1 (NO ROUTING ; NO FIREWALL ; NOTHING)

The next step , I would like to have a other VLAN that have DHCP ; ROUTING ; Etc

Both VLANS will come out in one trunk and I will filter them out in the CISCO 2960 SWITCH.

I know how to create VLANS ,NAT ,ROUTING TABLES , but I have no clue how to make a trunk out of my router.

Here below in a small drawing what I would like to archive :

> OUT F0/1 10.0.x.x in VLAN X

ISP 10.0.x.x /16 + 192.168.1.x/24 IN F0/0 >

> OUT F0/1 192.168.100.x in VLAN Y (NOTE THE IP RANGE 192.168.100.x)

Thank you in advance for your input

Best Regards,

Didier.

Giuseppe Larosa · ‎09-05-2010

Hello Didier,

you probably still need to go with a packet capture to see vlan tags as a LAN switch allows or denies tagged frames depending on the fact the port is configured as a trunk and the vlan-ids are present or not in the vlan database.

Note: for the IPTV service each TV channel is a different multicast stream and the network may be configured to allow only one stream at a given time so you may not be able to connect two set top boxes and to see two different TV programs on them.

To be noted that if the network does not perform this control the risk is that you can use too much bandwidth on the IPTV part resulting in bad quality.

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎09-04-2010

Hello Didier,

>> I can only have 1 PC at the time

Ok connect the router in place of the PC and makes it to get an ip address by DHCP.

That interface is the router outside for NAT and what you connect on the internal network of your choice will be NATTED by the router

int f0/0

ip address dhcp

ip nat outside

int f0/1

ip address 172.31.21.1 255.255.255.0

ip nat inside

access-list 111 permit ip 172.31.21.0 0.0.0.255 any

ip nat inside source list 111 interface fas0/0 overload

ip route 0.0.0.0 0.0.0.0 dhcp

! check the dhcp option on your router otherwise you could try to use ip route 0.0.0.0 0.0.0 fas0/0 but this relies on proxy ARP enabled on ISP

What you would like to do is more difficult to achieve you should first find out what these vlans are X=10 Y=20 for example and I'm not sure you can bridge at the subinterface level

interface fas0/0

no ip address

int fas0/0.10

enc dot1q 10

bridge-group 1

int fas0/0.20

enc dot1q 20

ip address dhcp

ip nat outside

interface fas0/1

no ip address

interface fas0/1.10

enc dot1q 10

bridge-group 1

But the point is that I'm not sure your C1841 supports per subinterface bridging and unless you would like to connect multiple PCs to internet and mutiple set top boxes ( but then how to receive two different TV channels ?) the first setup is simpler and works for sure only some possible issues with static default route

Hope to help

Giuseppe

Lei Tian · ‎09-04-2010

Hi Didier,

You can first capture the traffic from cable modem see what VLANs it is using. Once we know the VLANs I will do something like the following

fa0/0

fa0/0.X

en do X

ip add dhcp

int fa0/0.Y

en do Y

ip add dhcp

ip dhcp pool STB

network 172.16.1.0/24

default-router 172.16.1.1

import all

ip dhcp pool PC

network 172.16.2.0/24

default-router 172.16.2.1

import all

fa0/1.X

en do X

ip add 172.16.1.1

fa0/1.Y

en do Y

ip add 172.16.2.1

add all the NAT rules ...

Not same as what you are looking for, but that gives you different vlans for STB and PC, and use different IP when traffic leaves cable modem.

Regards,

Lei Tian

Didier1966 · ‎09-04-2010

Hello,

Thank you both for this useful reply.

Is it possible to trace the VLAN's that I have on my network or do I have to use wireshark ?

Thank You Again for our great help.

Best Regards,

Didier.

Lei Tian · ‎09-04-2010

Hi Didier,

Is your current switch a L2 switch? Can you see its config?

Regards,

Lei Tian

Didier1966 · ‎09-05-2010

I have put the CISCO 2950 switch just after the MODEM of my provider.

Maybe I can use some IOS commands to see what the are doing.

Thank You in advance for your help

Best Regards,

Didier

Giuseppe Larosa · ‎09-05-2010

Hello Didier,

you probably still need to go with a packet capture to see vlan tags as a LAN switch allows or denies tagged frames depending on the fact the port is configured as a trunk and the vlan-ids are present or not in the vlan database.

Note: for the IPTV service each TV channel is a different multicast stream and the network may be configured to allow only one stream at a given time so you may not be able to connect two set top boxes and to see two different TV programs on them.

To be noted that if the network does not perform this control the risk is that you can use too much bandwidth on the IPTV part resulting in bad quality.

Hope to help

Giuseppe