Cisco Support Community
New Member

Vlans with Public IP addresses - 254 Public IP's are in hand

Can we configure VLANs/VLAN interfaces with public IP addresses?

I have 30 offices/VLANs in the same building (so 30 VLANs) sharing the 10MB connection to the internet. All these offices/VLANs don't need to talk to each other; they just need internet access and should be visible from the internet (running their own email server etc.).

If I assign private IPs to the VLANs and configure their gateway as the IP of the internet router, they should all be able to browse the internet, as the Cisco 1841 is doing NATing.

Can I create VLAN interfaces (30 in total) with public IP addresses on the LAN, so that PCs within the LAN will use that IP for internet browsing? Shall I assign a public IP address to each PC/server in the LAN?

The switches are Cisco 3350 L3, and the router is an 1841 (connecting to the internet).

I have 254 public IP addresses available to make this work.

Many thanks for the help

5 REPLIES
Hall of Fame Super Silver

Re: Vlans with Public IP addresses - 254 Public IP's are in hand

Hello Salman,

I see some points of attention:

Giving a public IP address to an end-user PC means exposing it to the internet without protection.

If you try to subnet a /24 space you can get up to 32 /29 IP subnets; this means up to 6 hosts, including L3 switch(es), per subnet, and this can be too small to accommodate users if you have more than 5 users per office.

I understand that the C1841 can be a bottleneck, but it is the only way to provide internet access to offices with more than 5 users.

NAT is not supported on the C3350, so the C1841 is the only NAT-capable device.

I would keep the current configuration.

I would rather think of getting a second router to implement stateful NAT.

Hope to help

Giuseppe

New Member

Re: Vlans with Public IP addresses - 254 Public IP's are in hand

Hi Giuseppe,

Thanks.

My main job is to replace the Netgear switches with Cisco 3350 L3 switches.

I am visiting the client next week and only then will I find out what their existing configuration looks like, as at the moment I am not very sure myself.

I will keep you updated and seek further advice once I have finished my site survey.

Thank you for your time.

Re: Vlans with Public IP addresses - 254 Public IP's are in hand

Dear Nasheet,

It is not a best practice to assign public IPs to VLANs or to servers directly. It is also a security flaw in the network, as everyone can hit the server directly on its public IP. They can also access the switches/routers via public IP (in default settings).

What you can do is static NATing on the Cisco 1841 for all your servers and dynamic NATing for internet users.

I would recommend that you create sub-interfaces on the router (router on a stick) instead of creating SVIs (interface vlan x) on the switches in such a scenario.

Regards,

Anser
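
The layout recommended in the reply above (router on a stick on the 1841, dynamic NAT for users, static NAT for servers), as an added example that is not part of the original thread. Interface names, VLAN IDs, ACL names and all addresses are assumptions: 10.0.x.0/24 per office, 198.51.100.2 as the WAN address, and the documentation range 203.0.113.0/24 standing in for the 254 public addresses, assumed to be routed to the 1841 by the ISP.

```cisco
! Constructed example: every name, VLAN ID and address below is an assumption.
interface FastEthernet0/1
 description Uplink to ISP
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/0
 description 802.1Q trunk to the office switches
 no ip address
!
! One sub-interface per office VLAN; two of the 30 are shown,
! the remaining offices follow the same pattern.
interface FastEthernet0/0.10
 description Office 1 (VLAN 10)
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
 ip access-group OFFICE-ISOLATE in
 ip nat inside
!
interface FastEthernet0/0.20
 description Office 2 (VLAN 20)
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
 ip access-group OFFICE-ISOLATE in
 ip nat inside
!
! Offices reach the internet, but not each other and not the
! router's inside addresses (checked before NAT, on private addresses).
ip access-list extended OFFICE-ISOLATE
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
!
! Dynamic NAT (PAT) for ordinary users: all offices share the WAN address.
ip access-list standard NAT-USERS
 permit 10.0.0.0 0.255.255.255
ip nat inside source list NAT-USERS interface FastEthernet0/1 overload
!
! Static NAT for a server: only SMTP of Office 1's mail server is
! published on one public address; the host itself stays on a private IP.
ip nat inside source static tcp 10.0.10.10 25 203.0.113.10 25
```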

Hall of Fame Super Silver

Re: Vlans with Public IP addresses - 254 Public IP's are in hand

Hello Anser,

I agree with you, just one note:

Inter-VLAN routing can still be done by the L3 switches.

All that is needed is a layer link between the core switches and the C1841 to reach the internet, so the C1841 doesn't need a lot of subinterfaces.

So with some hierarchy in the network, at least a pair of core switches that aggregate the L3 switches would be fine.

Hope to help

Giuseppe

Re: Vlans with Public IP addresses - 254 Public IP's are in hand

Yes, you are right.
