Errm , because I'm a numpty who didn't think of it? ;)  I was focusing so much on the router I forgot the switches already have the capability (wood, trees).

(Note to self, layer 3 switch means it's a router you pillock!)

I assume I set it up pretty much the same way I set up the router originally when I got it routing via NAT?  Port in on original subnet (in this case all of the switches ports as it's not a one in one out like the router), port out on different subnet, etc?

Not 100% sure how to do this without NAT (as I'd prefer not to NAT from switch to router then router to my main network) but I imagine if I go back over my notes it's pretty much the same config just with no NAT and a static external rather than DHCP. :)

I'm going to leave this not marked as correct for a little bit just in case someone also comes back with a 'go here and you can update the router', which I'd like to do anyway.  But assuming no answers of that type I think we've got it. :)

No problem, have done a similar things myself many times :)

Firstly I am not sure I understand the point about connecting the router to the switch. On most L3 switches you can have SVIs ("int vlan x") and the ports assigned to vlans or you can make a port a L3 port ie. "no switchport" and then assign an IP directly.

So I was suggesting a dedicated subnet between the switch and router and then you run a routing protocol or use statics.

In terms of NAT, again not clear, but just be aware nearly all Cisco switches don't support it.

In terms of updating the router have you tried to configure routing on a stick on it because you don't need to create the vlans first if I remember correctly.

Jon

Ok, so you know where I am.  I have three (well more, I even have one of the 1700 series (I think) phone system units)  but three in use) pieces of cisco kit and it's all for learning\doing lab work as I know HP but have little experience with Cisco and would like to add a CCNA to my bow.

I've segmented it off of the home network but am natting from the lab to the home network so I can both simulate logging on from the outside and so my lab can connect to the internet if needed.

So the physical layout is:

2126XM 2 port unit

  |

3600 24 port 10\100 with 2 Gigabit GBICS

 ||                               |     |     |

 ||                           10\100 Clients 

3600 24 port Gigabit switch

   ||          ||                 |     |      |

SAN   Hyper-V           Clients

So I need natting from the lab to the main network (which I assumed only the router can do), and the VLANs are just lab play.

I assumed I needed the router to understand the VLANs so I could set the ports to a VLAN trunk (as I have on the link between the two switches).

Now I'm trying new things as I learn new concepts and it may be that's hindering me a little as I'm layering on ideas as I go and backing up and starting from scratch might be a better bet.

It's sort of why I didn't think of your solution.  Started with the switches connected to the router on a flat subnet (no VLANs) and it all worked 100%.  Then after adding VLANs I hit a snag and my first thought was 'fixing' the problem piece of kit.

But bottom line this is a lab setup so a total nuke, reinstall and different way of handling the solution is always an option. :)

Your setup is fine as it is really.

I would then use a L3 connection between the top switch and the router and use NAT on the router as you suggest.

You are more likely to see this type of connectivity between the switch and the router in the real world than you are to see routing on a stick which is usually only used when you don't have any L3 switches in your LAN.

Jon

Thanks.  It's nice to know I'm on the right track.  Once I've finished training for the day (Rassin' frassin' Security+ ;) ) I'll pop home, spin up the lab and give it a try.

Any problems when you do just post back into this thread.

Jon