Start Free TrialLog in
Avatar of diegomirner
diegomirnerFlag for Switzerland

asked on 

vlans routing configuration help need

Dear experts,

I need same help in order to route between Vlans that runs on 3 catalyst switchs and 1812w router.
Im in my way to create 3 vlans and route between them, Also i will apply ACLs  in the routers in order to filter the access between them.
Im lost in the way to do the routing, should I use the option router on a stick?, if so could you please provide an example how to implement it on the router?
Here its a detail about the actual switches I have and the way they are connected:

1 Cisco 1812w Routers ( run as a Router + ACLs + DHCP)

1 Catalyst 2970 ( runs as a Core Switch)

2 Catalysts 2950 ( runs as a access level switches )


Vlans:

1
10
20
30

Thanks in advance
RoutersSwitches / Hubs
Avatar of undefined
Last Comment
bkepford
Avatar of bkepford
bkepford
Flag of United States of America image
The only down fall to router on a stick is if you have a lot of traffic flowing between vlans if you don't then I would recommend it
here is the router setup
and here is the switch setup
 
interface fastethernet 1/0
switchport trunk encapsulation dot1q
switchport mode trunk 

interface fastethernet 0/0 
no ip address 
 
interface fastethernet 0/0.1 
encapsulation dot1q 1 native 
 
interface fastethernet 0/0.10 
encapsulation dot1q 10
ip address 192.168.10.1 255.255.255.0 
 
interface fastethernet 0/0.20
encapsulation dot1q 20 
ip address 192.168.20.1 255.255.255.0 
 
interface fastethernet 0/0.30 
encapsulation dot1q 30
ip address 192.168.30.1 255.255.255.0

Open in new window

Avatar of dacselat
dacselat
Just do the following: (Omiting the comments)
Connect the 2970 to your router using a trunk link(similar to conection between 2970 and 2950).


Switch Config (to config a trunk link):
! Use the correct interface
configure terminal
  interface fa0/0
    switchport mode trunk

Router Config(to route between VLAN's - router on a stick):

! Use the correct interface
interface fa0/0/0
  no shutdown
!The number after dot and after dot1q is the number of the vlan assigned to the subinterface
!The IP address after encapsulation command will be the default gateway address for your hosts.
!(The IP address are just for the example)
interface fa0/0/0.1
  encapsulation dot1q 1
  ip address 10.0.1.1 255.255.255.0
interface fa0/0/0.10
  encapsulation dot1q 10
  ip address 10.0.10.1 255.255.255.0
interface fa0/0/0.20
  encapsulation dot1q 20
  ip address 10.0.20.1 255.255.255.0
interface fa0/0/0.30
  encapsulation dot1q 30
  ip address 10.0.30.1 255.255.255.0
------------------------------------------------

That's all
Avatar of diegomirner
diegomirner
Flag of Switzerland image

ASKER

Thaks for replay me.

I just create all Vlans on the router, and i have assign ip address for each vlan ., im avalible to ping from one workstation to each of this ip address.Its these a right way to do it ?Im a bit lost if i should use these way or router on a stick.for sure in the port 0/3 on the router i can't create sub interfaces, but i can still ping betwen them and my work station.my concern its that after this i will need to create ACL's for secrure the vlans and i dont know if i will be avalible to do it in this way, orther ways i will go to change to port 0/1 where i can add subinterfaces.hope to be clear about this question.
Avatar of bkepford
bkepford
Flag of United States of America image
Can you paste in a config of what you have. It was hard to follow how you have it now.
 
Thanks
Avatar of dacselat
dacselat
For your ACL's: you can apply them to the subinterfaces directly, that way you'll be filtering the incoming and outgoing traffic for your VLAN's
Avatar of diegomirner
diegomirner
Flag of Switzerland image

ASKER

here my running config :

!
interface FastEthernet2
 switchport mode trunk
 speed 100
!
interface FastEthernet3
 switchport mode trunk
 speed 100
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
!
interface Vlan30
 ip address 192.168.30.1 255.255.255.0
!
interface Vlan91
 ip address 192.168.91.1 255.255.255.0
!
interface Vlan100
 ip address 192.168.100.1 255.255.255.0
!


ASKER CERTIFIED SOLUTION
Avatar of bkepford
bkepford
Flag of United States of America image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of diegomirner
diegomirner
Flag of Switzerland image

ASKER

So, whats your advice?
Avatar of bkepford
bkepford
Flag of United States of America image
If you can use the vlan access-map and vlan filter commands thoughs will work fine but if you can't then you may want to setup router on a stick.
You are not gaining anything either way unless you are using etherchannel on your switches for the 2 interfaces that you have configured. What I mean with etherchannel is that if you bundle the two links together with the "channel-group 1 mode on" .  You may see more CPU usage by applying several VLAN filters vs using access-lists but not sure of that.
 
Avatar of diegomirner
diegomirner
Flag of Switzerland image

ASKER

ok, i will go for the roter on the sitck option.
what should i do now with my dhcp configs, becouse now i have diferents pools for each vlan and i trhink it binds the right ip address range against the vlans ip address.
for ex , here my actualy config about it:

!
ip dhcp pool public
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1
   dns-server 4.2.2.2
   domain-name toto.com
!
!
ip dhcp pool staff
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1
   dns-server 4.2.2.2
   domain-name toto2.com
!
Avatar of bkepford
bkepford
Flag of United States of America image
That is correct it will send out of the interface that matches the network command.
Routers
Routers

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

49K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts

  • "Invaluable tool for our organization"

    Josh Regalski

  • "Your help has saved me hundreds of hours of internet surfing."

    @fblack61

  • "Just a dang good service!"

    @golferski

  • "Worth every penny."

    Steve Hougom

  • "It’s been a life saver."

    Maria Halt

  • "Best support site I’ve seen!"

    Bob Schneider

  • "I would be lost without them."

    @fblack61

  • "Saved my job multiple times."

    Walt Forbes

  • "I love this site."

    Maria Duwe

  • "Friendly respectful help."

    Andrew Kowtalo

  • "Such top-notch experts."

    @magento

  • "The best money I have ever spent."

    @rwheeler23

  • "Beyond any comprehensible value"

    George Morris

  • "Invaluable tool for our organization"

    Josh Regalski

Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo
© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent