Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Network Design

I had next network design-

1 VLAN, all computers ( 172.20.x.x 255.255.0.0 ) had default gateway pointed to Proxy server( for sample 172.20.20.20) ( access to Internet).

After install Catalyst 3550 EMI i want to create VLANs. IP Routing enabled. But little misunderstood next -

for all computers ( VLAN2 - 172.16.x.x, VLAN3-172.17.x.x ....VLAN5 - 172.20.x.x) default gateway is Catalyst 3550 ( VLAN2- 172.16.0.1, VLAN3 - 172.17.0.1 ....VLAN5 - 172.20.0.1) and how i can place my Proxy server ( 172.20.20.20 - VLAN5) in that network design? I want that all computers can reach Internet through Proxy server ( 172.20.20.20) and how that Proxy server can comminicate with Catalyst 3550 ( because default gateway on LAN netcard is empty)?

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Network Design

If I understand correctly, you have:

VLAN1 - 172.16.x.x, mask 255.255.0.0, gateway 172.16.0.1 (on Cat3550)

VLAN2 - 172.17.x.x, mask 255.255.0.0, gateway 172.17.0.1 (on Cat3550)

VLAN3 - 172.18.x.x, mask 255.255.0.0, gateway 172.18.0.1 (on Cat3550)

VLAN4 - 172.19.x.x, mask 255.255.0.0, gateway 172.19.0.1 (on Cat3550)

VLAN5 - 172.20.x.x, mask 255.255.0.0, gateway 172.20.0.1 (on Cat3550)

So you already changed the default gateway on the 172.20.x.x computers from the Proxy (172.20.20.20) to the Cat3550 (172.20.0.1)? Good! That's the first thing to do.

Next, on the Catalyst 3550, configure a default static route that points to the Proxy:

ip route 0.0.0.0 0.0.0.0 172.20.20.20 1

Finally, on the Proxy, you need to configure static routes that tell it how to find the computers on VLAN1, VLAN 2, VLAN 3, and VLAN4. (The Proxy lives on VLAN5, so it already knows how to reach computers on that VLAN.) If the Proxy is a Microsoft computer, you would enter:

route -p add 172.16.0.0 mask 255.255.0.0 172.20.0.1 metric 1

route -p add 172.17.0.0 mask 255.255.0.0 172.20.0.1 metric 1

route -p add 172.18.0.0 mask 255.255.0.0 172.20.0.1 metric 1

route -p add 172.19.0.0 mask 255.255.0.0 172.20.0.1 metric 1

Or, if those four Class B networks are the only ones, just add one route that covers all four:

route -p add 172.16.0.0 mask 255.252.0.0 172.20.0.1 metric 1

(That mask covers 172.16, 172.17, 172.18, and 172.19)

Or, if you want to save yourself the trouble of remembering to add more static routes to the Proxy later, and if all your private IP addresses are going to be 172.something behind the Proxy, then just add this route:

route -p add 172.16.0.0 mask 255.240.0.0 172.20.0.1 metric 1

(That mask covers 172.16, 172.17, ..., 172.31)

Once you add the static routes to the Proxy server, it will send all traffic out to the Internet EXCEPT traffic that is destined for the private IP networks you specify.

Hope this helps.

2 REPLIES
Gold

Re: Network Design

If I understand correctly, you have:

VLAN1 - 172.16.x.x, mask 255.255.0.0, gateway 172.16.0.1 (on Cat3550)

VLAN2 - 172.17.x.x, mask 255.255.0.0, gateway 172.17.0.1 (on Cat3550)

VLAN3 - 172.18.x.x, mask 255.255.0.0, gateway 172.18.0.1 (on Cat3550)

VLAN4 - 172.19.x.x, mask 255.255.0.0, gateway 172.19.0.1 (on Cat3550)

VLAN5 - 172.20.x.x, mask 255.255.0.0, gateway 172.20.0.1 (on Cat3550)

So you already changed the default gateway on the 172.20.x.x computers from the Proxy (172.20.20.20) to the Cat3550 (172.20.0.1)? Good! That's the first thing to do.

Next, on the Catalyst 3550, configure a default static route that points to the Proxy:

ip route 0.0.0.0 0.0.0.0 172.20.20.20 1

Finally, on the Proxy, you need to configure static routes that tell it how to find the computers on VLAN1, VLAN 2, VLAN 3, and VLAN4. (The Proxy lives on VLAN5, so it already knows how to reach computers on that VLAN.) If the Proxy is a Microsoft computer, you would enter:

route -p add 172.16.0.0 mask 255.255.0.0 172.20.0.1 metric 1

route -p add 172.17.0.0 mask 255.255.0.0 172.20.0.1 metric 1

route -p add 172.18.0.0 mask 255.255.0.0 172.20.0.1 metric 1

route -p add 172.19.0.0 mask 255.255.0.0 172.20.0.1 metric 1

Or, if those four Class B networks are the only ones, just add one route that covers all four:

route -p add 172.16.0.0 mask 255.252.0.0 172.20.0.1 metric 1

(That mask covers 172.16, 172.17, 172.18, and 172.19)

Or, if you want to save yourself the trouble of remembering to add more static routes to the Proxy later, and if all your private IP addresses are going to be 172.something behind the Proxy, then just add this route:

route -p add 172.16.0.0 mask 255.240.0.0 172.20.0.1 metric 1

(That mask covers 172.16, 172.17, ..., 172.31)

Once you add the static routes to the Proxy server, it will send all traffic out to the Internet EXCEPT traffic that is destined for the private IP networks you specify.

Hope this helps.

New Member

Re: Network Design

Great!! Thank you very much!

One little question- when Layer 3 network interface is used?

(I mean set command #no switchport on the interface).

175
Views
0
Helpful
2
Replies