Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
570
Views
0
Helpful
1
Replies

sf-300, as router WAN/LAN isolation

cesar.syscom11
Level 1
Level 1

‎02-10-2016 09:21 AM - edited ‎03-05-2019 03:19 AM

Hello 

I will appreciate any help on this case, my goal its to setup an sf302-08 as DHCP server for ports 1-8(VLAN2), and also give them internet access. 

What i have done:    Switch on L3 mode, DHCP server enabled

  default VLAN1 (static 192.168.1.1),  pool 192.168.1.1   -  250

VLAN2 (static 192.168.20.1), pool 192.168.20.1 -  250

Ports 1 - 8 (untagged on VLAN2)

so far now if i plug a client hosts to ports 1-8  i'm getting IP addresses from VLAN2 pool (192.168.20.1),

BUT, if i plug my internet modem(WAN) to 1 - 8 , the hosts plugged in sf-302 will get IPs from the modem (ex. 192.168.14.1) and internet access.

My question, how could i "isolate" WAN from LAN, at least dhcp servers, and keep the internet access to hosts.

Thanks!

Labels:
0 Helpful
1 Reply 1

Pedro Lereno
Level 1
Level 1

‎02-25-2016 03:37 AM

Hi Cesar,

Did you tried to deactivate the dhcp server functionality on the router, give an ip address of vlan 2 to the router on the LAN side and give the default route on the switch to lan ip of the router:

ip route 0.0.0.0 0.0.0.0 192.168.20.1   // example ip address of the router 192.168.20.1  

Or in alternative configure the "default-router 192.168.20.1" on the dhcp pool of vlan 2. This will prevent vlan 1 to access the internet unless you configure a static route on the router to access vlan 1.

I hope this can help!

Best Regards,

Pedro Lereno

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card