
891f as a Bridge/Gateway for 2 separate internal networks

fbeye
Level 4

So I have managed to do this on my ASA 5508-X using Interfaces 7 and 8 but am a little confused if this is possible on the 891f.

 

I have 2 Wi-Fi Routers in the home, one with a 10.0.1.x subnet and one with a 10.0.2.x subnet. There are two because one is hardcoded as a VPN Client offshore and one is open for home use. I have a NAS on the 10.0.2.115 that I want to be accessible internally on the 10.0.1.x subnet. 

I would prefer to keep, let's say, Interface GE 6 and GE 7 as the two interfaces to use and to keep them away from connecting on each other's internet access. Like I wouldn't want 10.0.1.x to use 10.0.2.x external IP address, if that would be possible.

 

In my head I would create a zone-member security INTERNAL and attach GE 6 and 7 to that and then add access from GE6 (10.0.1.x) to GE7 (10.0.2.115) Port, whatever the NAS is on. 

If I am correct at this point;

How do I go about assigning or configuring either GE 6/7 to accept the already preconfigured IP/Subnet from the other 2 existing Routers? Would I hardcode GE 6 as, let's say, 10.0.1.110 with Gateway 10.0.1.1 and GE 7 as 10.0.2.110 with Gateway 10.0.2.1 and then create 2 IP Routes on the Cisco?

If I am not correct at this point;

Is what I am wanting to do making sense and is it possible?

 

Thank you!


Hello,

 

Post a schematic drawing of your topology. That makes it easier to understand your setup, and what you are trying to accomplish.

So in reiterating I want to express that I am indeed going to use one of my Catalyst L3 Switches to do this so I have free Interfaces on my 891f, but I was looking at my 5508-X and was looking at the configuration for how I was currently doing this and all I can see is this:

 

interface GigabitEthernet1/7
description Open
nameif Open
security-level 90
ip address 10.0.1.115 255.255.255.0
!
interface GigabitEthernet1/8
description NAS
nameif NAS
security-level 90
ip address 10.0.2.115 255.255.255.0

 

and then, which I assume is needed;

 

same-security-traffic permit intra-interface

 

This is all I see pertaining to the scenario I am talking about, so how does this config work on a L3? I assume it is configured as I had already mentioned earlier.. I hope.

balaji.bandi
Hall of Fame

2 Wi-Fi routers in the home - does this mean they are connected to 2 ISPs, or are they only Wi-Fi routers? How many ISP connections do you have?

 

Do you have a simple diagram to help understand?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sent.

 

Also, I am open to buying a L3 Switch (GB) that I can use instead of taking 2 ports off of the 891f

fbeye
Level 4

top1.jpg

 

Rather than using ports on the 891 router, I would suggest adding a small switch with VLANs and a Layer 3 SVI, so traffic will be routed internally, instead of going out and coming in.

 

Your users' devices connect to the switch, so 10.0.2.x and 10.0.1.x can communicate.

 

 

 

BB


Makes perfect sense about using a L3 with VLAN and having it route together internally and that is what I will do.

I suppose it would reflect a CCNA Lab where I am connecting 2 routers and 2 switches together and having them all communicate.

 

With that being said, am I annoying to still want to know if it's possible to do this on the 891f for knowledge or is it just not realistic and practical under any situation?

Hello,

 

Not really sure I fully understand that drawing, but why don't you just create the two SVI (Vlan) interfaces on the 891F?

I am no artist.. I apologize

 

 

891f (207.108.x.182)
         |
         --- GE0
                |
                 ----Home WiFi (207.108.x.177)
                            |
                             ---- 10.0.1.1 (Gateway for LAN)
         |
          --- GE1
                 |
                  ----VPN WiFi (207.108.x.178)
                            |
                            ---- 10.0.2.1 (Gateway for LAN)

 

 

I want anything on 10.0.1.x to connect to the NAS on 10.0.2.115 (10.0.2.x) only, no Internet.

Maybe I am just too confusing at describing.. But going to what you mention to create 2 SVI  Interfaces, that would take me back to my initial question as to how? I can try to do it like I did my home lab connecting the 2 1911's to 2 2960's and have them interconnect. But with that said I also do agree that I should use a L3 Switch and not use up my ports on the 891.

balaji.bandi
Hall of Fame

It can be done, but why over-engineer when it is not required, when you can simplify the setup, making it easy to diagnose and set up with a switch and a correct demarcation between the local network and the external network?

 

 

 

BB


I understand completely. Thank you.

fbeye
Level 4

Would this link describe and illustrate what I will need to do to bridge/connect Router 1’s 10.1.1.x Subnet to Router 2’s 10.1.2.x Subnet?

 

I’m just not sure how this would exclude these interfaces from Internet access or even allow them to communicate on the Router. Would I need an ACL?

As I mentioned I am more interested in doing this on a L3 switch but for now I do now have one so for the sake of getting this working I will attempt in the 891.

balaji.bandi
Hall of Fame

For now, deploy with the switch to meet the requirement.

If you would like to do it with the 891 router, post the full configuration and we can look and suggest.

BB


For sure. Just ordered a Catalyst L3 Switch and should be here by Friday. I'll attempt on my own with both of the responders' input as guidance and then update you. Thank you.