Thank you for your answer.

this is public to public..

I have 2 blocks of addresses that i want to use..

My question is how i config it in my switch..

Hi

As Joseph mentioned the switches dont support NAT, can we know the reason to connect the ISP on this switch? or the main purpose?

Hey,

I will explain

I have two outside ip rangs with diffrent subnets.

And i want connect the hosts direct to this network (without use internal network)

This is posible?

ISP (2 public networks) -> switch -> hosts (every host assign with public IP)

so i dont need NAT, right?

If so, how i do that?

Thank you!

HI !

Can you please check this one i hope it will help you 

Thanks 

CRaju

Hi

Yes, that is possible but not recommended by security and it is not a scalable way to use the public IP addresses, a NAT should be used. But you can assign public IP address to your host:

The configuration should be:

1. 37.19.125.xxx with subnet 255.255.255.224

2. 37.19.126.xxx with subnet 255.255.255.240

Example:

SWITCH:

Vlan 125
name RANGE1

vlan 126
name RANGE2

vlan 777
name NATIVE-VLAN

Imagine you are going to use intervlan routing, the provider should configure subinterfaces on its router to communicate with the vlans, for example:

interface g1/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 777
no shutdown

* If you are going to use a different native vlan than 1, the provider should configure it on their end as well.

Then you configure the switchport to be used for the hosts, on the hosts you should configure the IP address manually and use public DNS.

int g1/2
description HOST-VLAN125
switchport host
switchport access vlan 125
no shutdown

int g1/40
description HOST-VLAN126
switchport host
switchport access vlan 126
no shutdown

Imagine you are going to use intervlan routing, the provider should configure subinterfaces on its router to communicate with the vlans, for example:

ISP ROUTER

interface  g0/0
description TO-SWITCH4948
no shutdown

interface g0/0.125
description GATEWAY-VLAN125
encapsulation dot1q 125
ip add 37.19.125.1 255.255.255.0

interface g0/0.126
description GATEWAY-VLAN126
encapsulation dot1q 126
ip add 37.19.126.1 255.255.255.0

interface g0/0.777
description NATIVE-VLAN
encapsulation dot1q 777 native

But again, in my humble opinion a Router with NAT configuration should be the best solution for this scenario.

Please don't forget to rate the comment if it is useful.

:-)

First - Thank you!!!

You right.. that not look the right way..

If i will put pFsense Fw/router before the switch and connect my own pfsense to the switch, this is better way?

if so, you can explain to me?

p.s. if you want i will ready to pay you.

You the best! Thank you!

Hi

That's correct a router connected to the switch will be a good design. No worries my friend, thank you but the payment is not needed. 

It will be pleasure to assist you. Just please let me investigate about that router brand.

:-)

I have pfsense (FW) custom machine

And I have another problem, When I saved the config of the switch and when I restart the switch, I cant ping to switch but the config is saved. Becuse that I need connect serial cable every time and reconfig the switch :/

You know why?