Cisco WS-C3750G-48PS - Provide Internet Access to External Device

IT Technician Newbie · ‎02-17-2024

Hi, I'm pretty new to networking and need some help.

My setup:

Cisco WS-C3750G-48PS is my core switch with multiple VLANs configured.
Network is on subnet: 10.170.x.x

I need to provide internet access to the following device, which is configured on a different 192.168.x.x subnet. (image attached)

Settings

How do I do this bearing in mind the following requirements:
"The PV contractor Watt Energy Saver (WES) will require access to a PV Inverter array installed. For example, there is a weather station installed on the roof, so will need to monitor theoretical performance of the PV array vs. actual. Also if there are any alarms, they will be notified and can access the control system. Will also connect to the gateway internally to view the performance of the PV system.

I want to set-up a PC and monitor showing PV current & historical performance."

1. Want to provide internet access to this system
2. Dont want it to be able to communicate with other devices on network
3. But want to be able to access this
4. The subnet is different to network (10.70.x.x) so how is it possible, without having to install a new router?

balaji.bandi · ‎02-17-2024

First you need to find out on the Router you mentioned that connected to Internet, can do NAT for More IP address like 192.168.0.X/24 and 10.70.x.x network, if that is possible.

then on the Switch - you can create a 2 VLAN - VLAN 10 for 192.168.0.0/24 network and another one for VLAN 20 for 10.70.0.0 network

Create ACL on switch VLAN 20 only can access Internet, Block VLAN 10 IP address.

you need to have routing back from internet router to switch.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

IT Technician Newbie · ‎02-18-2024

I've looked more into this PV system and realised I can change the default IP address to align with my network.

The diagram shows a router but I have a layer 3 switch instead. So I'm hoping to do all the necessary changes on the switch.

So, what is the best course of action?

Setup a new vlan specifically for the PV system, but how do I set it up so it cannot access other devices on my network?

Is this where a private vlan is used?

balaji.bandi · ‎02-18-2024

The diagram shows a router but I have a layer 3 switch instead. So I'm hoping to do all the necessary changes on the switch.

Layer 3 switch have options to configured layer2 also.

Private VLAN, VLAN Separation, Apply ACL for restricted access, you have many choices to choose one what you want to achieve.

Setup a new vlan specifically for the PV system, but how do I set it up so it cannot access other devices on my network?

I have addresses already above post on this. creating another VLAN and give access to Internet (by adding NAT)and create ACL between VLAN to restrict access.

Is this where a private vlan is used?

its all your decision , how you want to manage these devices.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

IT Technician Newbie · ‎02-18-2024

Thanks for the help.

What would you suggest as the best option or maybe the easiest option.

I've no idea on how to create an ACL, so what would be best choice.

balaji.bandi · ‎02-18-2024

Go with different Access VLAN in the same switch

take example of ACL : if the devices in VLAN your PV devices, and other VLAN for other users (example your exiting ip 192.168.1.0/24)

access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip any any
!
int vlan 2
ip access-group 100 in

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help