Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

how to keep separated 2 identical lans connected to the same router

I have a "production" lan and a "test" lan that is a perfect clone of the production in terms of hosts, applications and IP addresses.

Of course the 2 lans are completely separated and only the 1st one has an external access.

I would like to grant access to the external world also to the "test" lan using the same router but maintaining completely separated the 2 (identical) environments.

I am not much concerned for the connection between each lan and the external world, but instead by the possibility that the 2 equal lans mix-up their data.

Can I put the 2 lans in 2 different "bridge-groups", and then use IRB with bridging disabled between the 2 groups? Ip routing would be of course permitted.

I am confused and I need some help.

Nat is used on "production" lan between inside fa0/0 and outside ser0/0

here is what i would like to obtain: fa0/0


exactly same lan -->|cisco 2600 |Ser0/0----->

--------------------/ fa0/1

can the following work??

interface FastEthernet0/0

ip address

bridge-group 1


interface FastEthernet0/0

ip address

bridge-group 2


interface Serial 0/0

ip address


interface BVI 1 <-----

no ip address


bridge irb


bridge 1 protocol ieee

bridge 1 route ip

no bridge 1 bridge ip <-----


bridge 2 protocol ieee

bridge 2 route ip

no bridge 2 bridge ip <-----


the above example has been derived from

example n. 36

thanks for any suggestion, indication or example

New Member

Re: how to keep separated 2 identical lans connected to the same

I think I would rather look at a multipe nat pools solution, using route-map.

Check this out:

Hope it helps

Re: how to keep separated 2 identical lans connected to the same

Am not sure what switch you are using. But if you use 3550 (or 2950) you can enable private vlans. You can configure isolated private vlans, so that the two lans talk only to the router and not to each other.

When you configure private vlans, the devices in the isolated vlans cannot talk to other isolated vlans.

CreatePlease to create content