04-20-2016 09:39 AM - edited 03-08-2019 05:25 AM
I am going to attempt to segment a small LAN with three VLANs. I will have one VLAN for data, another for security cameras, and a third for public Internet access. I have a good understanding of how to do this but one thing I am not sure of. Do I keep all three VLANs on the same 192.168.1.0 network or do create a different network for each VLAN. If my default gateway is 192.168.1.1 on port 1 and I create a VLAN3 192.168.3.0. Will the port(s) assigned to VLAN3 have Internet access if I includ port 1 in the VLAN3 setup even though the networks are different?
Thanks
04-20-2016 11:45 AM
To keep them separate you want to keep each vlan in a different subnet
example:
data vlan 10 subnet 192.168.10.0/24
security vlan 20 subnet 192.168.20.0/24
public Internet vlan 30 subnet 192.168.30.0/24
This way you can give the public Internet segment access to Internet only.
HTH
04-20-2016 12:13 PM
Thank you. So to confirm using your example, if the router is on port 1 on vlan 10 with a default gateway address of 192.168.10.1, all the computers on vlan 30 can get out on the Internet if port 1 is a member of vlan 30?
04-20-2016 12:41 PM
You will have to configure router-on-a-stick. Your port1 on the router will have three subinterfaces: port1.10, 1.20, 1.30 and subinterfaces will have IPs 192.168.10.1, 20.1, 30.1
Computers on each vlan will use those IPs as their default gateways.
Here is a guide how to configure router on a stick:
http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/14976-50.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide