Static IP and VLANs

fingerlicked · ‎04-06-2010

Ok so I have 5 static IP addresses now and here is what I want to try but I'm not sure it will work this way, need suggestions. I am going to simplify it with only 2 of the IP's in use for this example

interface FastEthernet0/0
description $ETH-WAN$$FW_OUTSIDE$
ip address x.x.x.1 255.255.255.248
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
speed auto
full-duplex
no cdp enable
no mop enabled

interface FastEthernet0/1
description $ETH-LAN$$FW_INSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/1.1
description VLAN 1
encapsulation dot1Q 1 native
ip address 192.168.10.1 255.255.255.0
ip access-group 110 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip inspect SDM_LOW in
ip virtual-reassembly

!

interface FastEthernet0/1.2
description VLAN 2
encapsulation dot1Q 2 native
ip address 192.168.10.1 255.255.255.0
ip access-group 120 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly

!

ip nat inside source static 192.168.11.1 x.x.x.2

If I static nat the second IP to the VLAN2 interface will I still be able to apply Zone based FW and ACLs?

fingerlicked · ‎04-06-2010

Or....

Should I static nat the second IP to a loopback0 and then nat the loopback0 to the VLAN2 interface? That would allow me to make a zone for each interface.

I'm sorry I made a mistake. interface 0/1.2 ip address is 192.168.11.1 255.255.255.0