Vlan translation
I have an internet connection with a supplied vlan of 500, i have a switch with 2 vlans (502,503)
I want to perform translation so 502 and 503 have access to the internet. How do i perform this.
I have both vlans trunked to the router on fe 0/1 and vlan 500 (internet) coming in on f/e 0/0
I want to perform translation so 502 and 503 have access to the internet. How do i perform this.
I have both vlans trunked to the router on fe 0/1 and vlan 500 (internet) coming in on f/e 0/0
JFrederick29
The router simply needs to route between the subnets. Does the router have a default route via your ISP's gateway out fa0/0? Is the router configured to NAT traffic from VLAN 502/503?
The inside vlan interfaces allowed to nat need a 'nat inside' statement.
The outside interface needs a 'nat outside' statement.
If you have an ACL that explicity defines what networks can nat, you need to add the addresses in use by the vlans.
The outside interface needs a 'nat outside' statement.
If you have an ACL that explicity defines what networks can nat, you need to add the addresses in use by the vlans.
ASKER
the router has nothing defined right now. The challenge is this is an isp envirorment where the vlans need to receive an ip address from our public dhcp serve on vlan 500 and i want to make sure nothing is blocked to the clients.
Just define a scope on the DHCP server for the VLAN 502 and 503 subnets and add the "ip helper-address <public DHCP server ip address>" command to both VLAN502 and VLAN503 subinterfaces on the router. Nothing is blocked by default on the router.
ASKER
ok so by defining the interface vlan 502 and 503 as inside and vlan 500 as outside the vlans will automatically be translated?
No, there is a little more to it than that. You want to NAT the traffic? Are the VLAN 502 and 503 subnets private? and you want to NAT them to a public IP/pool? or they are public address space? but the clients need to grap the public IP's via DHCP?
ASKER
We have wireless clients that connect to a tower supplied with an internet vlan of 500. The tower has 2 base station radios each on their own vlan. Before we had everyone on the same vlan. We want to seperate each base station and each tower so that the only common thing is they all go out on vlan 500
ASKER
We have a public pool of ip addresses
Okay, so I assume the Wireless clients get a public IP via DHCP then, right? So, you need to configure the two subinterfaces with a different public IP subnet and then use the "ip helper-address" command to forward DHCP requests to the DHCP server on VLAN 500. If public IP's, no NAT is required on the router.
ASKER
Really trying to prevent clients from talking to each other and reducing unnecessary network talk
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
They will actually be on the same subnet since we only have 1 class c block of public ip addresses. We could actually even seperate dhcp pool to each tower and each router.
Well, you can either split the class C in half and put half the subnet on the vlan502 subinterface and the other half on the vlan503 subinterface or you can use one subnet and bridge the two subinterfaces but this really provides no separation between the two LAN's meaning both LAN's can communicate fully. You might as well be using one VLAN again...