Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VLAN & Internet Access

Guys,

My network has 2 VLANs at the moment, planning to add more.Lets say for now vlan 1 & 2. My internet router is found in VLAN 1. Inter-VLAN routing has been configured on a Cisco 1710 and works fine in our network.

1) How to make those in VLAN 2 access the internet through ADSL router in VLAN 1? What ip route to configure?

(Just a quick note, some other ports we should enable for internet access: pop3 110, smtp 25)

2) Would it be easier to shift the ADSL router to a different VLAN as I add vlan 3, 4 ,etc?

rgs

roghen

18 REPLIES
Hall of Fame Super Bronze

Re: VLAN & Internet Access

It's the 1710 your ADSL router ?

Please post configs.

Thanks

Hall of Fame Super Gold

Re: VLAN & Internet Access

roghen

If inter-VLAN routing is configured and is working ok then you should make sure that the router that is doing inter-VLAN routing has a default route configured which points to the connection through VLAN 1 to the Internet next hop. That should provide Internet access on each of the VLANs.

I see no need to move the Internet connectivity from VLAN 1 other than the general advice about keeping user traffic separate from management traffic in the native VLAN (which is VLAN 1 by default).

One other aspect to consider, depending on the addressing that you have configured in your network you probably need to do NAT on traffic going to the Internet and need to assure that it will translate user traffic from all VLANs.

HTH

Rick

Community Member

Re: VLAN & Internet Access

since your network has two vlans and you can communicate between then which means that u just have to configure a route for the subinterfces - assuming u have done a router on stick....on the internet interface of router where u have configured inter vlan routing since that currently takes already takes care of routing ur information to the ADSL router...it would be more helpful if u could post the configuration....

HIH

Community Member

Re: VLAN & Internet Access

Thanks for your feedback guys. however i cannot find any similar configuration that can help me with the routing. Here is my setup.

Cisco 1710 - 192.168.1.1

ADSL router (linksys) - 192.168.1.26

VLAN 1: 192.168.1.x

VLAN 2: 192.168.2.x

The only way I get internet to work is as follows:

1. The following ip route is configured on 1710 router.

ip route 0.0.0.0 0.0.0.0 192.168.1.26 255.255.255.0

2. Now on adsl router, I configure a route for each vlan to route internet traffic.

route 192.168.1.0 255.255.255.0 192.168.1.26

route 192.168.2.0 255.255.255.0 192.168.1.26

I am sure there are better ways to configure for this scenario and routing is done only on the cisco 1710 to ensure internet acess for everyone.

rgs

roghen

Re: VLAN & Internet Access

Hi Rsab,

your requirement is, you wanted different vlan pc's to get connected directly to internet, & the ADSL router is residing in vlan 1 & all the pc's are residing in vlan 2, 3 etc.... so simply

jus add "ip route 0.0.0.0 0.0.0.0 vlan 1". & gateway ip address for all the pc's should be respective vlan ip address created in the router.

hope this helps.

don't forget to rate the post.

Community Member

Re: VLAN & Internet Access

hi there,

thx for your response.

however i am a bit confused by the routing given

ip route 0.0.0.0 0.0.0.0 vlan 1 --> Basically everything is routed to vlan 1. Currently vlan 1 default-route is the ip address of ADSL router. That command as given cannot be configured in the router. Guess should be

ip route 0.0.0.0 0.0.0.0 vlan_1_ip_address??

gateway ip address for all the pc's should be respective vlan ip address created in the router. ??? confused with it. PCs in vlan 2 is configured with default gateway of 192.168.2.1. Is this what you are referring to?

thx

Community Member

Re: VLAN & Internet Access

also

wont this routing "ip route 0.0.0.0 0.0.0.0 vlan 1" cause broadcasts from vlan 2, 3, etc..to be transmitted to vlan 1??

Re: VLAN & Internet Access

Hi,

once if you specify the "ip route 0.0.0.0 0.0.0.0 vlan_1_ip_address", & specify the respective gateway ip address to the respective vlan pc's, YES you can reach the internet, but one thing i wanted to know whether the vlans are created in the router or on a seperate switch?

Community Member

Re: VLAN & Internet Access

the vlans are created on sub-interfaces on the router itself.

i.e.

int fastethernet 0.2 --> vlan 2

encap dot1q 2

ip address 192.168.2.1 255.255.255.0

To SUMMARIZE:

To 1710 Router I add:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip default-gateway 192.168.1.26 (192.168.1.26 is ip of adsl router, this is already configured on router)

VLAN 2 PC, configured as:

ip address: 192.168.2.x

mask: 255.255.255.0

Gateway: 192.168.2.1

rgs

roghen

Community Member

Re: VLAN & Internet Access

just tried the above setup but i get a message saying:

ip 192.168.1.1 is ip address of router. does it mean i need to add an ip address, say 192.168.1.2 and assign it as ip address of VLAN 1.is that correct?

Also what will happen to broadcasts on VLAN 2 with the above route. will it be transmitted on VLAN 1?

rgs

Re: VLAN & Internet Access

Hi,

the command should be "ip route 0.0.0.0 0.0.0.0 192.168.1.26" because 192.168.1.26(ur ADSL Router) is pointing towards the internet & NOT "ip route 0.0.0.0 0.0.0.0 192.168.1.1" also remove "ip default-gateway 192.168.1.26"

Community Member

Re: VLAN & Internet Access

thx buddy.

basically its the same as described in my second post above.

I will then need to add the routes described above in my adsl router for people to get access to the internet. Thats is what I am doing currently.

I am looking for a solution whereby I need not add any routing in my adsl router.

Re: VLAN & Internet Access

you need not do any routing in ur adsl router, all u need to do the routing in ur 1700 series router.

Community Member

Re: VLAN & Internet Access

i tested as you say. People in vlan 2 dont get internet access if I dont add the routing below in the adsl router as well.

route 192.168.2.0 255.255.255.0 192.168.1.26

Re: VLAN & Internet Access

Hi,

In ADSL router you need to specify route "192.168.2.0 255.255.255.0 192.168.1.1" same for vlan 3 route "192.168.3.0 255.255.255.0 192.168.1.1"

hope this helps.

rate this post

Hall of Fame Super Gold

Re: VLAN & Internet Access

The statement that no routing is needed in the ADSL router is bad advice and is not true. The ADSL router certainly does need to do some routing. No doubt the ADSL router has a default route pointing out into the Internet. And the ADSL router has in interface in network 192.168.1.0 so it can route to that network. But how will the ADSL router get to the network in VLAN 2 which is 192.168.2.0? The ADSL router must have a route identifying that 192.168.2.0 is reachable through the address on the 1710.

HTH

Rick

Community Member

Re: VLAN & Internet Access

What happens to VLAN 2 broadcast when I add the route described above? Will it be forwarded to VLAN 1?

ip route 0.0.0.0 0.0.0.0 192.168.1.26 ??

Hall of Fame Super Gold

Re: VLAN & Internet Access

Roghen

The VLAN 2 broadcasts are not forwarded to VLAN 1. One of the principles of layer 3 routing is that it establishes a boundary for layer 2 broadcasts. So any broadcast in VLAN 2 is forwarded to every device in VLAN 2 but is not forwarded to any device in VLAN 1.

If you did want broadcasts to be forwarded there is the ip helper-address command which can forward some broadcasts. But by default there is not forwarding of broadcasts from one VLAN to another VLAN.

HTH

Rick

669
Views
0
Helpful
18
Replies
CreatePlease to create content