Hi, I have a basic network design. We have a router, one core switch and 29 access switches. All the access switches connect to the core switch via fibre. Here the users are only going to connect to the internet. Please tell me what information needs to be configured on the router, core switch and access switches, and also the routing required to access the internet, and the NAT rule if required. Please help me as this is very urgent. Thanks in advance.
Let us know the model number of the core and the access layer switches.
To fit in this design, let us start with the access layer first. If we are running multiple VLANs on the network access layer, then you have to trunk the interface connecting to the core switch. You have to configure inter-VLAN routing on the core switch, if it's a layer 3 switch. Otherwise we have to set it on the router.
Once we have all the intervlan-routing working fine, then point a default route towards the router connected to the core switch.
ip route 0.0.0.0 0.0.0.0
You also have to add the reverse routes for all the VLANs on the router to forward the traffic back to the VLANs.
ip route x.x.x.0 255.255.255.0 --> where x.x.x.x is the vlan ip range
Then the last and final thing is to configure NAT on the router to allow the internal IP addresses to be PATed on the outside interface to a global IP. Please follow the link below for Dynamic NAT configuration.
If you have a huge network, I would suggest you use VLANs and have your user traffic separated as per the different departments on the network. This will give you layer 2 VLAN security, broadcast containment of the local VLAN within the segment, more control over routing and network resource access, and control over the users' accessibility over the network. Connect the APs as trunk ports to the switches and have the users work in their respective VLANs.
You can configure different VLAN IP address segments as you like. The IP addresses on the router interface and the core switch have to be in a separate subnet; it will be another private range of IP addressing. For example, 192.168.1.1/24 on the router interface and 192.168.1.2/24 on the core switch interface.
Amit, just to be more clear, this project is for a residential building where they provide internet connectivity. Suppose I create a VLAN for the first 15 floors and another VLAN for the remaining floors, say vlan1 and vlan2. I will create two VLAN interfaces on the core switch and I will assign the trunk port for the first 15 floors to VLAN 2 and the remaining to VLAN 3. I will also route both VLAN interfaces' traffic to the router serial interface. Am I right? Correct me if I am wrong.
You are closer to it. The way it will work is that you will assign the switch ports to the respective VLANs that you want. Then configure the ports on the core switch connecting to the access switches as trunk ports.
int fa x/y
switchport trunk encapsulation dot1q
switchport mode trunk
If your core switch is a layer 3 switch, then you just have to create the Switch Virtual Interfaces (SVIs), i.e. layer 3 interfaces on the switch, like
int vlan 1
ip address x.x.x.x y.y.y.y
int vlan 2
ip address z.z.z.z c.c.c.c
This enables routing between the VLANs on the switch.
If your core switch is layer 2 only, then we have to do inter-VLAN routing on the router. Just configure the port connected to the router as a trunk port on the switch and then configure the sub-interfaces on the router like
interface fa 0/1.1
encapsulation dot1q 1
ip address x.x.x.1 255.255.255.0
interface fa 0/1.2
encapsulation dot1q 2
ip address y.y.y.1 255.255.255.0
This will take care of the routing part on your whole network. Then configure the NAT and you will be good to go.
Please read the documentation below for more insight into it.
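The steps from the replies above, assembled into one configuration for the layer 3 core case. This is an added example, not part of the original thread: VLAN IDs 2 and 3 follow the question and 192.168.1.1/192.168.1.2 follow the earlier reply, while the 10.0.x.0/24 subnets, interface names and `<...>` placeholders are assumptions.

```cisco
! Added example (not from the thread). Interface names, 10.0.x.0/24 subnets
! and <...> placeholders are assumptions; 192.168.1.x is the link from the thread.
! ---- Access switch (floors 1-15) ----
interface range FastEthernet0/1 - 24
 switchport mode access
 switchport access vlan 2
interface GigabitEthernet0/1
 description fibre uplink to core
 switchport mode trunk
! ---- Core switch (layer 3) ----
ip routing
vlan 2
 name FLOORS-1-15
vlan 3
 name FLOORS-16-UP
interface GigabitEthernet1/0/1
 description trunk to access switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface Vlan2
 ip address 10.0.2.1 255.255.255.0
 no shutdown
interface Vlan3
 ip address 10.0.3.1 255.255.255.0
 no shutdown
interface GigabitEthernet1/0/24
 description routed link to router
 no switchport
 ip address 192.168.1.2 255.255.255.0
! Default route from the core towards the router
ip route 0.0.0.0 0.0.0.0 192.168.1.1
! ---- Router ----
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Serial0/0/0
 ip address <public-ip> <public-mask>
 ip nat outside
! Reverse routes for each VLAN subnet, via the core switch
ip route 10.0.2.0 255.255.255.0 192.168.1.2
ip route 10.0.3.0 255.255.255.0 192.168.1.2
! Default route to the provider (assumed point-to-point serial link)
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
! PAT: translate both VLAN subnets to the outside interface address
access-list 1 permit 10.0.2.0 0.0.0.255
access-list 1 permit 10.0.3.0 0.0.0.255
ip nat inside source list 1 interface Serial0/0/0 overload
```

`show interfaces trunk` on the switches and `show ip route` plus `show ip nat translations` on the router confirm each stage once traffic is flowing.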
Amit, it really helped me a lot. Thanks. Last and final question: if the serial interface has the public IP and the private traffic has to be routed, do we have to use any routing protocol? Say the serial interface connecting to the internet has 126.96.36.199. and the internal is as said before.