03-13-2022 02:54 PM - edited 03-13-2022 03:33 PM
Hello everyone,
I am trying to create a VLAN whose sole purpose is to access the internet. It shouldn't be allowed to access other VLANs on the same network.
My DHCP server is on Windows Server 2012.
So I got most of the config figured out; please let me know if I am wrong or right here, or if I am missing something.
switch IP 10.39.0.35
firewall 10.39.0.31
DHCP : 10.39.0.35
selected dhcp scope 10.39.25.0
switch config
vlan 35
name Vlan isolated internet access
int 1/0/28
switch port mode access
switch port access Vlan 35
no shut
ON firewall ASA
Int fa0/1.25
encapsulation dot1q.25
ip address 10.39.0.1 255.255.255.0
ip helper address 10.39.0.35
no shut
Question is: do I need to use the IP ADDRESS command on the VLAN as well, or just on the ASA FW interface the way I did up in my config, or do I need to assign two different IP addresses on both the VLAN and the ASA FW?
And of course, before doing any of this, first create the scope on the DHCP server for the .25 network.
Am I doing this right?
03-13-2022 04:41 PM
Hello,
If the ASA does the routing, an IP address there is sufficient. How do you block access from other VLANs?
03-13-2022 04:43 PM - edited 03-13-2022 04:46 PM
With the different network address scheme, i.e. 10.39.25.0, I am guessing. Or is that not going to work?
Also, that is actually confusing me. How will the firewall know how to provide any device connected to VLAN 35 designated ports with the correct IP address scheme?
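On the scope-selection question raised in the thread: a DHCP server picks the scope for a relayed request from the relay agent address (giaddr), which the relay sets to the address of its client-facing interface. The sketch below is an added example, not part of the thread and not any poster's configuration; it checks the posted values for that dependency. The /24 masks, the existence of a 10.39.0.0/24 scope and the 10.39.25.1 gateway address are assumptions made for illustration.

```python
import ipaddress

def select_scope(giaddr, scopes):
    """Return the scope whose subnet contains the relay address, or None."""
    addr = ipaddress.ip_address(giaddr)
    for scope in scopes:
        net = ipaddress.ip_network(scope)
        if addr in net:
            return net
    return None

def check_plan(access_vlan, subif_vlan, gateway_if, intended_scope, scopes):
    """List inconsistencies between switch VLAN, subinterface tag and DHCP scope."""
    issues = []
    if access_vlan != subif_vlan:
        issues.append(
            f"access port is in VLAN {access_vlan} but the subinterface "
            f"tags VLAN {subif_vlan}: client frames never reach it"
        )
    gw = ipaddress.ip_interface(gateway_if)
    wanted = ipaddress.ip_network(intended_scope)
    chosen = select_scope(str(gw.ip), scopes)
    if chosen != wanted:
        issues.append(
            f"relay address {gw.ip} selects scope {chosen}, not {wanted}"
        )
    return issues

# Scopes assumed to exist on the DHCP server (masks are assumptions).
SCOPES = ["10.39.0.0/24", "10.39.25.0/24"]

# Values as posted: VLAN 35 on the switch, dot1q 25 and 10.39.0.1 on the subinterface.
AS_POSTED = check_plan(35, 25, "10.39.0.1/24", "10.39.25.0/24", SCOPES)

# Constructed aligned plan: same VLAN ID on both sides, gateway inside the scope.
ALIGNED = check_plan(35, 35, "10.39.25.1/24", "10.39.25.0/24", SCOPES)

if __name__ == "__main__":
    for issue in AS_POSTED:
        print("as posted:", issue)
    print("aligned plan issues:", ALIGNED)
```

The check covers addressing and tagging only; whether the isolated VLAN can reach other VLANs is decided by the firewall's access rules, which the thread does not show.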