Cisco Support Community
Add new VLAN

Hi all

I need help to create one new vlan that should not be reachable from any other vlan. All traffic from this vlan should be routed to the dsl-internet router.

vlan subnet - 192.168.200.0 255.255.255.0
DSL Router IP : 192.168.200.253 255.255.255.0

Users on this subnet will only access the internet.

current configuration

service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname HQSACOREGW
!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname BB0
!

interface Loopback0
ip address 172.20.20.1 255.255.255.255

interface Loopback1
ip address 172.20.20.2 255.255.255.255


interface Vlan2
description IT Users
ip address 172.20.25.254 255.255.255.0
ip helper-address 192.168.1.100


interface vlan3
description Server
ip address 192.168.1.254 255.255.255.0


interface vlan 4
description network devices
ip address 192.168.2.254 255.255.255.0

interface vlan 5
description vpn_router
ip address 172.20.26.1 255.255.255.248

interface vlan 6
description Connected to Building2
ip address 172.20.26.9 255.255.255.248


interface vlan 7
description connected to IDN
ip address 172.20.26.17 255.255.255.248

interface vlan 8
description connected to Firewall
ip address 172.20.26.25 255.255.255.248


router ospf 5
redistribute connected subnets
redistribute static subnets
network 172.20.25.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 172.20.26.1 0.0.0.0 area 0
network 172.20.26.9 0.0.0.0 area 0
network 172.20.26.17 0.0.0.0 area 0
network 172.20.26.25 0.0.0.0 area 0
network 172.20.20.1 0.0.0.0 area 0
network 172.20.20.2 0.0.0.0 area 0

ip route 0.0.0.0 0.0.0.0 172.20.26.26
ip route 10.10.10.0 255.255.255.0 172.20.26.2
ip route 10.10.20.0 255.255.255.0 172.20.26.2
ip route 10.10.100.0 255.255.255.0 172.20.26.2

thank you all

Paul


Add new VLAN

Paul,

Is a standard acl acceptable to you? You could deny access from this subnet to any other private subnet and then allow them to go anywhere else. You'd apply it on the vlan interface:

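! example SVI; /24 mask assumed
interface Vlan500
 ip address 192.168.50.1 255.255.255.0
 ip access-group 101 in
!
! deny the three RFC 1918 private ranges, permit everything else
access-list 101 deny ip any 10.0.0.0 0.255.255.255
access-list 101 deny ip any 172.16.0.0 0.15.255.255
access-list 101 deny ip any 192.168.0.0 0.0.255.255
access-list 101 permit ip any any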

HTH,

John

HTH, John *** Please rate all useful posts ***
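
A way to check an ACL of this shape before applying it, as an added example that is not part of John's reply or any Cisco tooling: the script evaluates the entries first-match against addresses from the configuration in the question and compares a 0.0.0.255 wildcard on the 192.168.0.0 line with 0.0.255.255. The function names are hypothetical, 10.10.10.1 is a constructed host in one of the statically routed subnets, and 203.0.113.10 is a constructed stand-in for an internet host.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Parse 'access-list N <action> ip any <dst> <wildcard>' or '... any any' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, dst = tok[2], tok[5:]
        if dst == ["any"]:
            rules.append((action, 0, 0xFFFFFFFF))   # every bit ignored
        else:
            rules.append((action, to_int(dst[0]), to_int(dst[1])))
    return rules

def decide(rules, dst_ip):
    """First match wins; IOS appends an implicit deny to every ACL."""
    d = to_int(dst_ip)
    for action, net, wild in rules:
        care = ~wild & 0xFFFFFFFF                   # wildcard 1-bits are "don't care"
        if d & care == net & care:
            return action
    return "deny"

NARROW = """
access-list 101 deny ip any 10.0.0.0 0.255.255.255
access-list 101 deny ip any 172.16.0.0 0.15.255.255
access-list 101 deny ip any 192.168.0.0 0.0.0.255
access-list 101 permit ip any any
"""
WIDE = NARROW.replace("192.168.0.0 0.0.0.255", "192.168.0.0 0.0.255.255")

# Internal destinations taken from the configuration in the question;
# 10.10.10.1 is a constructed host inside the statically routed 10.10.10.0/24.
INTERNAL = ["192.168.1.100", "192.168.2.254", "172.20.25.254", "172.20.26.26", "10.10.10.1"]
INTERNET = "203.0.113.10"   # constructed sample (TEST-NET-3 documentation range)

def leaks(acl_text):
    """Internal destinations the ACL would still permit from the isolated VLAN."""
    rules = parse_acl(acl_text)
    return [ip for ip in INTERNAL if decide(rules, ip) == "permit"]

if __name__ == "__main__":
    for name, acl in (("0.0.0.255", NARROW), ("0.0.255.255", WIDE)):
        print(name, "-> still reachable:", leaks(acl),
              "| internet:", decide(parse_acl(acl), INTERNET))
```
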

Add new VLAN

Hi Paul,

Please read this thread; a working solution has already been found in the thread below.

https://supportforums.cisco.com/thread/2131688

Please rate helpful post

thanks

Add new VLAN

Hi all

rizwanr74 -> my requirement is different than the link.

John, thanks mate for supporting the post. My default route is to send all traffic to the firewall-box, so how do I send the new vlan traffic to the new DSL router? I also don't want the new vlan to use our existing local DNS server in vlan3, but to use the ISP DNS or the DSL router IP as DNS resolver. If I add a new vlan then I need to update access-list 101, so standard or extended acl easy to change.

thank you all

Paul

Add new VLAN

Hi,

does your IOS support VRFs?

If yes, I'd create a new VRF for the new subnet. You could use a separated routing table for it then.

HTH,

Milan

Add new VLAN

VRF not supported. New subnet hits the firewall-box but traffic is not routed to new-DSL-router.
