Thank you. So to confirm

rob · ‎04-20-2016

I am going to attempt to segment a small LAN with three VLANs. I will have one VLAN for data, another for security cameras, and a third for public Internet access. I have a good understanding of how to do this but one thing I am not sure of. Do I keep all three VLANs on the same 192.168.1.0 network or do create a different network for each VLAN. If my default gateway is 192.168.1.1 on port 1 and I create a VLAN3 192.168.3.0. Will the port(s) assigned to VLAN3 have Internet access if I includ port 1 in the VLAN3 setup even though the networks are different?

Thanks

Reza Sharifi · ‎04-20-2016

To keep them separate you want to keep each vlan in a different subnet

example:

data vlan 10 subnet 192.168.10.0/24

security vlan 20 subnet 192.168.20.0/24

public Internet vlan 30 subnet 192.168.30.0/24

This way you can give the public Internet segment access to Internet only.

HTH

rob · ‎04-20-2016

Thank you. So to confirm using your example, if the router is on port 1 on vlan 10 with a default gateway address of 192.168.10.1, all the computers on vlan 30 can get out on the Internet if port 1 is a member of vlan 30?

pashtet13 · ‎04-20-2016

You will have to configure router-on-a-stick. Your port1 on the router will have three subinterfaces: port1.10, 1.20, 1.30 and subinterfaces will have IPs 192.168.10.1, 20.1, 30.1

Computers on each vlan will use those IPs as their default gateways.

Here is a guide how to configure router on a stick:

http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/14976-50.html

Segmenting a small LAN