My network has 2 VLANs at the moment, planning to add more.Lets say for now vlan 1 & 2. My internet router is found in VLAN 1. Inter-VLAN routing has been configured on a Cisco 1710 and works fine in our network.
1) How to make those in VLAN 2 access the internet through ADSL router in VLAN 1? What ip route to configure?
(Just a quick note, some other ports we should enable for internet access: pop3 110, smtp 25)
2) Would it be easier to shift the ADSL router to a different VLAN as I add vlan 3, 4 ,etc?
If inter-VLAN routing is configured and is working ok then you should make sure that the router that is doing inter-VLAN routing has a default route configured which points to the connection through VLAN 1 to the Internet next hop. That should provide Internet access on each of the VLANs.
I see no need to move the Internet connectivity from VLAN 1 other than the general advice about keeping user traffic separate from management traffic in the native VLAN (which is VLAN 1 by default).
One other aspect to consider, depending on the addressing that you have configured in your network you probably need to do NAT on traffic going to the Internet and need to assure that it will translate user traffic from all VLANs.
since your network has two vlans and you can communicate between then which means that u just have to configure a route for the subinterfces - assuming u have done a router on stick....on the internet interface of router where u have configured inter vlan routing since that currently takes already takes care of routing ur information to the ADSL router...it would be more helpful if u could post the configuration....
Thanks for your feedback guys. however i cannot find any similar configuration that can help me with the routing. Here is my setup.
Cisco 1710 - 192.168.1.1
ADSL router (linksys) - 192.168.1.26
VLAN 1: 192.168.1.x
VLAN 2: 192.168.2.x
The only way I get internet to work is as follows:
1. The following ip route is configured on 1710 router.
ip route 0.0.0.0 0.0.0.0 192.168.1.26 255.255.255.0
2. Now on adsl router, I configure a route for each vlan to route internet traffic.
route 192.168.1.0 255.255.255.0 192.168.1.26
route 192.168.2.0 255.255.255.0 192.168.1.26
I am sure there are better ways to configure for this scenario and routing is done only on the cisco 1710 to ensure internet acess for everyone.
your requirement is, you wanted different vlan pc's to get connected directly to internet, & the ADSL router is residing in vlan 1 & all the pc's are residing in vlan 2, 3 etc.... so simply
jus add "ip route 0.0.0.0 0.0.0.0 vlan 1". & gateway ip address for all the pc's should be respective vlan ip address created in the router.
hope this helps.
don't forget to rate the post.
thx for your response.
however i am a bit confused by the routing given
ip route 0.0.0.0 0.0.0.0 vlan 1 --> Basically everything is routed to vlan 1. Currently vlan 1 default-route is the ip address of ADSL router. That command as given cannot be configured in the router. Guess should be
ip route 0.0.0.0 0.0.0.0 vlan_1_ip_address??
gateway ip address for all the pc's should be respective vlan ip address created in the router. ??? confused with it. PCs in vlan 2 is configured with default gateway of 192.168.2.1. Is this what you are referring to?
once if you specify the "ip route 0.0.0.0 0.0.0.0 vlan_1_ip_address", & specify the respective gateway ip address to the respective vlan pc's, YES you can reach the internet, but one thing i wanted to know whether the vlans are created in the router or on a seperate switch?
the vlans are created on sub-interfaces on the router itself.
int fastethernet 0.2 --> vlan 2
encap dot1q 2
ip address 192.168.2.1 255.255.255.0
To 1710 Router I add:
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip default-gateway 192.168.1.26 (192.168.1.26 is ip of adsl router, this is already configured on router)
VLAN 2 PC, configured as:
ip address: 192.168.2.x
just tried the above setup but i get a message saying:
ip 192.168.1.1 is ip address of router. does it mean i need to add an ip address, say 192.168.1.2 and assign it as ip address of VLAN 1.is that correct?
Also what will happen to broadcasts on VLAN 2 with the above route. will it be transmitted on VLAN 1?
the command should be "ip route 0.0.0.0 0.0.0.0 192.168.1.26" because 192.168.1.26(ur ADSL Router) is pointing towards the internet & NOT "ip route 0.0.0.0 0.0.0.0 192.168.1.1" also remove "ip default-gateway 192.168.1.26"
basically its the same as described in my second post above.
I will then need to add the routes described above in my adsl router for people to get access to the internet. Thats is what I am doing currently.
I am looking for a solution whereby I need not add any routing in my adsl router.
i tested as you say. People in vlan 2 dont get internet access if I dont add the routing below in the adsl router as well.
route 192.168.2.0 255.255.255.0 192.168.1.26
In ADSL router you need to specify route "192.168.2.0 255.255.255.0 192.168.1.1" same for vlan 3 route "192.168.3.0 255.255.255.0 192.168.1.1"
hope this helps.
rate this post
The statement that no routing is needed in the ADSL router is bad advice and is not true. The ADSL router certainly does need to do some routing. No doubt the ADSL router has a default route pointing out into the Internet. And the ADSL router has in interface in network 192.168.1.0 so it can route to that network. But how will the ADSL router get to the network in VLAN 2 which is 192.168.2.0? The ADSL router must have a route identifying that 192.168.2.0 is reachable through the address on the 1710.
What happens to VLAN 2 broadcast when I add the route described above? Will it be forwarded to VLAN 1?
ip route 0.0.0.0 0.0.0.0 192.168.1.26 ??
The VLAN 2 broadcasts are not forwarded to VLAN 1. One of the principles of layer 3 routing is that it establishes a boundary for layer 2 broadcasts. So any broadcast in VLAN 2 is forwarded to every device in VLAN 2 but is not forwarded to any device in VLAN 1.
If you did want broadcasts to be forwarded there is the ip helper-address command which can forward some broadcasts. But by default there is not forwarding of broadcasts from one VLAN to another VLAN.