05-23-2014 12:42 AM - edited 03-04-2019 11:01 PM
Hi everyone.
I've been working on a bit of a side experiment at home while I'm studying, as I'm quite keen to study Cisco.
I've learnt a little bit of Cisco at my college, but my full study on Cisco CCNA doesn't start for several weeks yet.
I'm trying to create 2 VLANs and isolate them for security purposes so that one cannot access the other, as one of the VLANs will have computers connected to it that contain sensitive information. The other will be a wifi system that enables people to connect to it so that they can use the internet.
I'm thinking of using a Cisco 3560 layer 3 switch.
The 3560 needs to be connected to an existing DSL modem router, and the whole point of this system is so that I can share the one internet connection between two VLANs, but prevent people using the wifi system from accessing the other VLAN that has sensitive data on it.
I've been at this for several days now and I can't work it out. I've been trying to work it out in Cisco Packet Tracer first before purchasing the equipment.
I can't seem to work out the last little bit where you can configure the switch to route internet traffic to the port that the DSL modem router is connected to.
I'm using another generic router in Packet Tracer to simulate a DSL modem router, as Packet Tracer doesn't really have DSL modems with a router inside. As mentioned, I have an existing DSL modem router I wish to use on this experiment.
I've tried to create some VLANs and add the VLAN's internal router IP by using the commands,
For example:
Vlan 2
Int range fa0/2
Name adsl
Exit
Int vlan 2
Ip address 192.168.2.1 255.255.255.0
I've also been enabling DHCP to work for the wifi and the computer network – which has been working OK.
Here's a show run:
Switch>
Switch>en
Switch#show run
Building configuration...
Current configuration : 1440 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
!
!
!
ip dhcp pool office
network 192.168.3.0 255.255.255.0
default-router 192.168.1.1
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
no switchport
no ip address
duplex auto
speed auto
!
interface FastEthernet0/3
switchport access vlan 3
!
interface FastEthernet0/4
switchport access vlan 4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
!
ip classless
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
So, just recapping:
The scenario is that I have a DSL telephone modem router that I wish to connect into a Cisco 3560 switch.
I want to share the internet connection from the DSL modem between two isolated networks (VLANs). They are separated for security purposes, but they both share the internet connection.
I'm trying to work out the last little commands to be able to route data from the networks to the DSL modem and back.
I'm aware that I may have to add some static routes from the DSL modem as well in the GUI interface.
I'm plotting this out first in Packet Tracer.
If anyone is able to help me out, I'd really appreciate it.
Thank you so much.
05-23-2014 01:40 AM
You would need to connect the DSL modem router to one of the VLANs, let's say VLAN2. So it will need an IP address in that range, e.g. 192.168.2.2.
You will also need to add some static routes to the DSL router so it knows where your other LAN subnets are via your Cisco switch e.g.:
192.168.3.0/24 and 192.168.4.0/24 via 192.168.2.1.
From the switch you need a default route to the internet via your DSL router:
ip route 0.0.0.0 0.0.0.0 192.168.2.2
If you want to stop the PCs in the VLANs talking to each other, you will need some access lists applied to the VLAN interfaces to block the traffic.
Hope that helps!
Matty
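The steps from the reply above, put together as one switch configuration. This is an added example, not part of either post: the ACL names are made up for illustration, VLAN 3 is assumed to be the office network and VLAN 4 the wifi, and `ip routing`, the Fa0/2 access-port settings and the DHCP gateway of 192.168.3.1 are assumptions about what the posted config still needs.

```cisco
! Added example. Addresses come from the thread; ACL names are hypothetical.
!
! Assumption: routing between SVIs has to be switched on explicitly.
ip routing
!
! Assumption: the pool serves VLAN 3, so clients need the VLAN 3 SVI as gateway.
ip dhcp pool office
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
!
! Uplink to the DSL modem router (192.168.2.2) as an access port in VLAN 2.
interface FastEthernet0/2
 switchport
 switchport mode access
 switchport access vlan 2
!
! Inbound on the office SVI: drop anything headed for the wifi subnet.
ip access-list extended OFFICE-IN
 remark office (VLAN 3) may not reach wifi (VLAN 4)
 deny   ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
 permit ip any any
!
! Inbound on the wifi SVI: drop anything headed for the office subnet.
! DHCP broadcasts (0.0.0.0 -> 255.255.255.255) do not match the deny line.
ip access-list extended WIFI-IN
 remark wifi (VLAN 4) may not reach office (VLAN 3)
 deny   ip any 192.168.3.0 0.0.0.255
 permit ip any any
!
interface Vlan3
 ip access-group OFFICE-IN in
!
interface Vlan4
 ip access-group WIFI-IN in
!
! Default route to the internet via the DSL router, as given in the reply.
ip route 0.0.0.0 0.0.0.0 192.168.2.2
```

With this applied, a ping from a VLAN 4 host to a VLAN 3 host should fail while a ping from either VLAN to 192.168.2.2 succeeds. The DSL router still needs the static routes for 192.168.3.0/24 and 192.168.4.0/24 via 192.168.2.1 described in the reply.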