×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

VLAN & Internet Access

Unanswered Question
Aug 26th, 2006
User Badges:

Guys,

My network has 2 VLANs at the moment, planning to add more.Lets say for now vlan 1 & 2. My internet router is found in VLAN 1. Inter-VLAN routing has been configured on a Cisco 1710 and works fine in our network.


1) How to make those in VLAN 2 access the internet through ADSL router in VLAN 1? What ip route to configure?

(Just a quick note, some other ports we should enable for internet access: pop3 110, smtp 25)


2) Would it be easier to shift the ADSL router to a different VLAN as I add vlan 3, 4 ,etc?


rgs

roghen

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Edison Ortiz Sat, 08/26/2006 - 12:30
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

It's the 1710 your ADSL router ?


Please post configs.


Thanks


Richard Burts Sat, 08/26/2006 - 13:04
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

roghen


If inter-VLAN routing is configured and is working ok then you should make sure that the router that is doing inter-VLAN routing has a default route configured which points to the connection through VLAN 1 to the Internet next hop. That should provide Internet access on each of the VLANs.


I see no need to move the Internet connectivity from VLAN 1 other than the general advice about keeping user traffic separate from management traffic in the native VLAN (which is VLAN 1 by default).


One other aspect to consider, depending on the addressing that you have configured in your network you probably need to do NAT on traffic going to the Internet and need to assure that it will translate user traffic from all VLANs.


HTH


Rick

mohd_imran Sun, 08/27/2006 - 02:25
User Badges:

since your network has two vlans and you can communicate between then which means that u just have to configure a route for the subinterfces - assuming u have done a router on stick....on the internet interface of router where u have configured inter vlan routing since that currently takes already takes care of routing ur information to the ADSL router...it would be more helpful if u could post the configuration....


HIH



rsabapathee Sun, 08/27/2006 - 22:33
User Badges:

Thanks for your feedback guys. however i cannot find any similar configuration that can help me with the routing. Here is my setup.


Cisco 1710 - 192.168.1.1

ADSL router (linksys) - 192.168.1.26

VLAN 1: 192.168.1.x

VLAN 2: 192.168.2.x


The only way I get internet to work is as follows:


1. The following ip route is configured on 1710 router.

ip route 0.0.0.0 0.0.0.0 192.168.1.26 255.255.255.0


2. Now on adsl router, I configure a route for each vlan to route internet traffic.

route 192.168.1.0 255.255.255.0 192.168.1.26

route 192.168.2.0 255.255.255.0 192.168.1.26


I am sure there are better ways to configure for this scenario and routing is done only on the cisco 1710 to ensure internet acess for everyone.


rgs

roghen



Anand Narayana Sun, 08/27/2006 - 22:46
User Badges:
  • Silver, 250 points or more

Hi Rsab,

your requirement is, you wanted different vlan pc's to get connected directly to internet, & the ADSL router is residing in vlan 1 & all the pc's are residing in vlan 2, 3 etc.... so simply

jus add "ip route 0.0.0.0 0.0.0.0 vlan 1". & gateway ip address for all the pc's should be respective vlan ip address created in the router.


hope this helps.


don't forget to rate the post.

rsabapathee Mon, 08/28/2006 - 02:17
User Badges:

hi there,

thx for your response.

however i am a bit confused by the routing given


ip route 0.0.0.0 0.0.0.0 vlan 1 --> Basically everything is routed to vlan 1. Currently vlan 1 default-route is the ip address of ADSL router. That command as given cannot be configured in the router. Guess should be

ip route 0.0.0.0 0.0.0.0 vlan_1_ip_address??


gateway ip address for all the pc's should be respective vlan ip address created in the router. ??? confused with it. PCs in vlan 2 is configured with default gateway of 192.168.2.1. Is this what you are referring to?

thx

rsabapathee Mon, 08/28/2006 - 02:20
User Badges:

also

wont this routing "ip route 0.0.0.0 0.0.0.0 vlan 1" cause broadcasts from vlan 2, 3, etc..to be transmitted to vlan 1??

Anand Narayana Mon, 08/28/2006 - 02:44
User Badges:
  • Silver, 250 points or more

Hi,

once if you specify the "ip route 0.0.0.0 0.0.0.0 vlan_1_ip_address", & specify the respective gateway ip address to the respective vlan pc's, YES you can reach the internet, but one thing i wanted to know whether the vlans are created in the router or on a seperate switch?

rsabapathee Mon, 08/28/2006 - 03:05
User Badges:

the vlans are created on sub-interfaces on the router itself.


i.e.

int fastethernet 0.2 --> vlan 2

encap dot1q 2

ip address 192.168.2.1 255.255.255.0



To SUMMARIZE:


To 1710 Router I add:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip default-gateway 192.168.1.26 (192.168.1.26 is ip of adsl router, this is already configured on router)


VLAN 2 PC, configured as:

ip address: 192.168.2.x

mask: 255.255.255.0

Gateway: 192.168.2.1


rgs

roghen



rsabapathee Mon, 08/28/2006 - 03:14
User Badges:

just tried the above setup but i get a message saying:


ip 192.168.1.1 is ip address of router. does it mean i need to add an ip address, say 192.168.1.2 and assign it as ip address of VLAN 1.is that correct?


Also what will happen to broadcasts on VLAN 2 with the above route. will it be transmitted on VLAN 1?


rgs

Anand Narayana Mon, 08/28/2006 - 03:18
User Badges:
  • Silver, 250 points or more

Hi,

the command should be "ip route 0.0.0.0 0.0.0.0 192.168.1.26" because 192.168.1.26(ur ADSL Router) is pointing towards the internet & NOT "ip route 0.0.0.0 0.0.0.0 192.168.1.1" also remove "ip default-gateway 192.168.1.26"



rsabapathee Mon, 08/28/2006 - 03:27
User Badges:

thx buddy.

basically its the same as described in my second post above.


I will then need to add the routes described above in my adsl router for people to get access to the internet. Thats is what I am doing currently.


I am looking for a solution whereby I need not add any routing in my adsl router.


Anand Narayana Mon, 08/28/2006 - 03:36
User Badges:
  • Silver, 250 points or more

you need not do any routing in ur adsl router, all u need to do the routing in ur 1700 series router.

rsabapathee Mon, 08/28/2006 - 04:02
User Badges:

i tested as you say. People in vlan 2 dont get internet access if I dont add the routing below in the adsl router as well.


route 192.168.2.0 255.255.255.0 192.168.1.26

Anand Narayana Mon, 08/28/2006 - 06:27
User Badges:
  • Silver, 250 points or more

Hi,

In ADSL router you need to specify route "192.168.2.0 255.255.255.0 192.168.1.1" same for vlan 3 route "192.168.3.0 255.255.255.0 192.168.1.1"


hope this helps.

rate this post

Richard Burts Mon, 08/28/2006 - 05:24
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

The statement that no routing is needed in the ADSL router is bad advice and is not true. The ADSL router certainly does need to do some routing. No doubt the ADSL router has a default route pointing out into the Internet. And the ADSL router has in interface in network 192.168.1.0 so it can route to that network. But how will the ADSL router get to the network in VLAN 2 which is 192.168.2.0? The ADSL router must have a route identifying that 192.168.2.0 is reachable through the address on the 1710.


HTH


Rick

rsabapathee Tue, 08/29/2006 - 00:13
User Badges:

What happens to VLAN 2 broadcast when I add the route described above? Will it be forwarded to VLAN 1?


ip route 0.0.0.0 0.0.0.0 192.168.1.26 ??



Richard Burts Tue, 08/29/2006 - 05:10
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Roghen


The VLAN 2 broadcasts are not forwarded to VLAN 1. One of the principles of layer 3 routing is that it establishes a boundary for layer 2 broadcasts. So any broadcast in VLAN 2 is forwarded to every device in VLAN 2 but is not forwarded to any device in VLAN 1.


If you did want broadcasts to be forwarded there is the ip helper-address command which can forward some broadcasts. But by default there is not forwarding of broadcasts from one VLAN to another VLAN.


HTH


Rick

Actions

This Discussion