Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
616
Views
9
Helpful
6
Replies

Help setting up two LANs on one IAD2431

schreibzeug
Level 1
Level 1

‎03-01-2006 04:10 PM - edited ‎03-03-2019 11:55 AM

Hoping someone can help me. We just recieved a new T1 line into our office with a IAD 2431 from the ISP. The 2431 has only one LAN port.

We have two offices in our building with separate networks. Primary network (same location as the 2431) is using an SMC VPN/Router and separate SMC Switch. Router is direct to the 2431 at the moment.

The second office is using a small router to support 6 users and connect to a isdn line.

We would like to share the T1 internet access with the second office and keep the router they are using at thier location. We need thier network to be completely separate (secure) from the primary network but have access to the internet over the T1.

What is the best way to accomplish this? There is a IAD2432 with two LAN ports, but our ISP does not supply these. Also, is there a way to limit or prioritize the bandwidth giving preference to the primary office?

Of course we are looking for the least expensive solution. :)

Thanks for helping an amature

Labels:
0 Helpful
6 Replies 6

pkhatri
Level 11
Level 11

‎03-01-2006 04:45 PM

Howdy,

I believe that 2431 supports 802.1q encapsulation on the fastethernet port. Therefore, what you can do it to connect the second office to the switch at your primary location. Then, configure the switch so that the connections to the primary network and those to the secondary network are on separate VLANs on the switch. For example, use VLAN 100 for all connections to the primary site devices and use VLAN 200 for all connections to the secondary site devices.

Then, configure your IAD as such:

interface fast.100

ip address x.x.x.x ....

encapsulation dot1q 100

!

interface fast.200

ip address x.x.x.x ....

encapsulation dot1q 200

!

You will have to configure routes on the 2431 that point to the two networks....

Start off with that and see how you go.

Hope that helps - pls rate the post if it does.

Paresh

v

schreibzeug
Level 1
Level 1
In response to pkhatri

‎03-01-2006 07:13 PM

Thanks for the quick reply.

So I messed around with our switch and it seems setting up the VLAN on the switch is pretty straight forward. I like the QOS selection too- I can give the primary office network priority. So far so good.

This puts both networks behind the same firewall/router. I need to offer some level of security between the two networks. I dont deem the secondary network as a major security risk but the primary network has requirements for classified documents.

If I understand correctly, I can configure the IAD for the two VLANs as well? What significance does this have?

Thanks,

Kent

0 Helpful

pkhatri
Level 11
Level 11
In response to schreibzeug

‎03-01-2006 07:17 PM

Hi Kent,

The config I supplied in my first post is what configures the IAD for the 2 VLANs. You need to do this in order to get the traffic separation you want.

Now, in order to provide the security that you require, I would configure inbound access-lists on both of the fastethernet sub-interfaces on the IAD. Configure the ACLs so that they prohibit traffic from each segment from entering the other segment.

That should do it.

Hope that helps - pls rate the post if it does.

Paresh

schreibzeug
Level 1
Level 1
In response to pkhatri

‎03-01-2006 09:24 PM

Thanks Paresh,

I am still reading up on the IAD configs for the VLANs and the ACL. I might have to get our ISP who manages the IAD to make those changes. But it's nice to know what is going on.

I attached a small diagram how I think things should look. Let me know what you think. We only have one line drop to the secondary office so they will require an additional switch.

BTW, I am a contracts & sales admin for a DOD Satcom contractor. Mainly RF over fiber. Way out of my comfort zone but enjoying the education.

Kent

0 Helpful

schreibzeug
Level 1
Level 1
In response to schreibzeug

‎03-01-2006 09:25 PM

forgot attachment...

Preview file
25 KB
0 Helpful

pkhatri
Level 11
Level 11
In response to schreibzeug

‎03-01-2006 09:38 PM

I see a slight problem with the solution so far. I did not realise that you had a firewall between the IAD and the switch. That is going to mean that you cannot extend the VLANs out to the IAD. However, that does not mean that all is lost. You have to verify whether the SMC Firewall (which I am not familiar with) is capable of terminating dot1q trunks. If that is the case, you can simply move the functionality we were hoping to configure on the IAD to the SMC.

Paresh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card