Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
933
Views
0
Helpful
3
Replies

C3750, Multiple VLANS, One ISP

mark.waldron
Level 1
Level 1

‎08-21-2014 07:48 PM - edited ‎03-07-2019 08:29 PM

Hello all,

I am not a networking guy, so please bear with me.

I have a Cisco 3750 and would like to set up separate networks for a lab, but there is only one gateway (garden-variety Netgear router, a WNDR3700v3) to the Inet.

In my inexperienced mind, I am thinking VLANS are isolated networks, so I envisioned VLANS that would allow:

1) Normal LAN, for general systems, DHCP would be nice, but static IPs are fine, NATted Inet access.

2) Lab network A, research, with occasional risky behavior, DHCP would be nice, but static IPs are fine, NATted Inet access.

3) Lab nework B, malware research/detonation, DHCP would be nice, but static IPs are fine, NATted Inet access.

4) Lab network C, malware remediation, DHCP would be nice, but static IPs are fine, NATted Inet access.

Crude topology would be:

Inet > Netgear router > c3750 > Unmanaged Gb switch > System 1, 2, 3...

Each network would have an unmanaged Gb switch connected to what I thought could be a port with one of the above assigned VLANs (1,2,3, or 4) on the 3750. So, the 3750 would have 4 unmanaged Gb switches that it could separate traffic for, and aggregate traffic to/from the Inet to all 4 netowrks.

I don't want any of the networks to be able to see or communicate with each other at all. Total separation, but share the Inet connection, NATted, like most home ISP connections do.

Is this feasible with a 3750? I have access to an HP ProCurve 2626 and a Dell PowerConnect 3324 if those would be more suitable. I was just hoping to get a bit of Cisco IOS experience, so the 3750 was my first choice to try with.

Please let me know your thoughts. I am not concerned with being dead wrong...its how I learn... ;)

 

 

Labels:
0 Helpful
3 Replies 3

SANTHOSHKUMAR SARAVANAN
Level 4
Level 4

‎08-21-2014 08:10 PM

Hi ,

  Bottle neck on your design is your net gear router , which can perfrom NAT/PAT only for one network subnet . 

If you net gear router support PAT/NAT for Multiple subnet , Your above design should work fine 

1) Add default route on your L3 Switch Pointing to your Netgear router

2) Add reverse router on your net gear router pointing to Interface/SVI ip address connecting to Switch

3) Create Access-list on each SVI-VLAN created on your Cisco 3750 switch deny access between VLAN, allowing rest other

 

HTH

Sandy

 

0 Helpful

mark.waldron
Level 1
Level 1
In response to SANTHOSHKUMAR SARAVANAN

‎08-24-2014 04:02 PM

Thanks Sandy, that was the kind of insight I was hoping for as i wasn't considering the NAT capability of  my router for multple networks.

I just picked out a MikroTik routerboard that will allow for multi-NAT. I can just cable my networks physically, and not use the VLAN capability of the c3750 at all.

0 Helpful

SANTHOSHKUMAR SARAVANAN
Level 4
Level 4
In response to mark.waldron

‎08-24-2014 06:57 PM

Hi Mark ,

If your MikroTik support sub-interface along with dotq encapsulation , you can have trunk link between your cisco switch to MikroTik router , 

For Trunked VLANs , you can have VLAN created on your 3750 switches . 

 

HTH

Sandy

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card