Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
497
Views
0
Helpful
2
Replies

how to keep separated 2 identical lans connected to the same router

sisal
Level 1
Level 1

‎11-14-2003 07:07 AM - edited ‎03-02-2019 11:43 AM

I have a "production" lan and a "test" lan that is a perfect clone of the production in terms of hosts, applications and IP addresses.

Of course the 2 lans are completely separated and only the 1st one has an external access.

I would like to grant access to the external world also to the "test" lan using the same router but maintaining completely separated the 2 (identical) environments.

I am not much concerned for the connection between each lan and the external world, but instead by the possibility that the 2 equal lans mix-up their data.

Can I put the 2 lans in 2 different "bridge-groups", and then use IRB with bridging disabled between the 2 groups? Ip routing would be of course permitted.

I am confused and I need some help.

Nat is used on "production" lan between inside fa0/0 and outside ser0/0

here is what i would like to obtain:

192.168.253.0 fa0/0

--------------------\

exactly same lan -->|cisco 2600 |Ser0/0----->

--------------------/

192.168.253.0 fa0/1

can the following work??

interface FastEthernet0/0

ip address 192.168.253.1 255.255.255.0

bridge-group 1

!

interface FastEthernet0/0

ip address 192.168.253.1 255.255.255.0

bridge-group 2

!

interface Serial 0/0

ip address 192.168.254.1 255.255.255.252

!

interface BVI 1 <-----

no ip address

!

bridge irb

!

bridge 1 protocol ieee

bridge 1 route ip

no bridge 1 bridge ip <-----

!

bridge 2 protocol ieee

bridge 2 route ip

no bridge 2 bridge ip <-----

!

the above example has been derived from

http://www.cisco.com/en/US/products/sw/iosswrel/ps1824/products_configuration_guide_chapter09186a0080087a80.html

example n. 36

thanks for any suggestion, indication or example

Labels:
0 Helpful
2 Replies 2

cleroy
Level 1
Level 1

‎11-14-2003 07:45 AM

I think I would rather look at a multipe nat pools solution, using route-map.

Check this out:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml

Hope it helps

0 Helpful

thisisshanky
Level 11
Level 11

‎11-14-2003 08:55 AM

Am not sure what switch you are using. But if you use 3550 (or 2950) you can enable private vlans. You can configure isolated private vlans, so that the two lans talk only to the router and not to each other.

http://www.cisco.com/warp/public/473/90.shtml

When you configure private vlans, the devices in the isolated vlans cannot talk to other isolated vlans.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful
Customers Also Viewed These Support Documents