C3750G-24T-S configure to ISP Gateway

double00kevin · ‎05-14-2019

I've got a WS-C3750G-24T-S and was thinking about throwing it on my home network to play with. From my ISP, I have a static IP with a modem/wireless router (gateway) with only 4 ethernet ports. I definitely need more, so I thought this may be the way to go and kill a few birds with one stone.

I would like to configure this switch with a few vlans, maybe some intervlan traffic.......if I had 4 vlans, and wanted intervlan traffic across all but one if the vlans (for a lab config of sorts???) thats possible as well isnt it?

I do have a very basic understanding and have been able to get a few switches up and running the way I wanted them in the past......but, thats been a minute and my old brain isnt what it used to be. So any nudge in the right direction would be greatly appreciated

Seb Rupik · ‎05-14-2019

Hi there,

It is very likely your ISP modem will not support routing additional subnets not understand VLAN tags, so you are right in placing all of the routing function on the 3750. What you will need is a single point-to-point VLAN to go between the switch and the ISP modem.

The 3750 does not support NAT, so hopefully your ISP modem can be configured to translate the new subnets which are being routed on the 3750. Also, hopefully your ISP modem can have static routes configured directing traffic destined to the 3750 routed subnets toward the 3750 end of the point-to-point link.

If you cannot edit the NAT or routing, then your idea may not be possible without the use of a firewall/ router to sit between the ISP modem and the 3750.

cheers,
Seb.

double00kevin · ‎05-14-2019

Seb,

Thanks for the info!! I was wondering if my ISP modem would be the "downfall". I do have a Cisco 5510 ASA firewall that I may be able to utilize???.......I just gotta find it in my mountain of junk. Never even turned that thing on though but that would definitely help in the "learning" department.

Seb Rupik · ‎05-14-2019

Yes, the 5510, although a bit big for a home setup (for me at least!) would fix the possible problems.

You would configure it with two interfaces, INSIDE/ OUTSIDE.

OUTSIDE would be connected to the ISP modem.

INSIDE would be a point-to-point link to the 3750 which would be routing your other 'inside' subnets. The ASA would need to have a static route directed at the 3750 end of the INSIDE subnet for the other 'inside' subnets.

The ASA would also be configured for NAT of all the inside subnets.

cheers,

Seb.

double00kevin · ‎05-14-2019

Roger that,

I'm going to hunt it down this weekend. In the meantime, I could still set this switch up and create one vlan (say vlan 10), and when I find my firewall (or look for better alternatives), set up more vlans?

Seb Rupik · ‎05-14-2019

Yes, just connect it the ISP mode as an access port:

!
int gix/x/x
  desc TO_ISP_MODEM
  switchport mode access
  switchport access vlan 10
  spanning-tree portfast
!

Let us know when you have the ASA hooked up and post any additional questions on the forum.

Don't forget to mark helpful posts ;)

cheers,

Seb.

double00kevin · ‎05-14-2019

Seb,

Thanks for all the help and will definitely turn to you guys for guidance on the firewall.

Thanks again!!

balaji.bandi · ‎05-14-2019

yes if you have 5510 you can use for NAT for your LAN

So your setup high level look as

ISP Modem----FW---Switch---user PC

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

double00kevin · ‎05-14-2019

You are correct on the "high level" look.