cisco router configuration

I have 10 cisco 3524 switches that I've configured with various VLAN's (vlan 10, 20, 30 and so forth). Unfortunately, they're L2 switches and cannot route traffic amongst vlans.  The idea was to connect it to the TZ210 router from Sonicwall but the TZ series does not have the feature to create sub interfaces vlan routing (only the NSA series do--which are too expensive).  

So, the solution was to have a cisco 2650 router in the middle to support the multiple VLANs only, and have the tz 210 take care of all other routing, intrusion detection, vpn, etc features.  
Here's the topology:  Internet-----TZ 210 Router-----Cisco Router (2651)----cisco switches (3524's).    Subnet is a /24.

Question 1: Since I only need to configure the cisco 2651 to support multiple VLAN's---what all do i need to configure to make it functional? Do i even need Nat, ip route--inside, outside as I would if it was to perform as a sole router?  
I was thinking of making FE0/0 connect to the TZ 210 with the IP from the LAN (same subnet---ex. FE0/0 ip--10.1.10.253  and the tz210's IP: 10.1.10.254) and FE0/1 (10.1.10.1) connect to the switch (10.1.10.2), not enable NAT and just have sub interfaces on FE0/1 for each Vlan. Am I on the right track?    
I think the easier question is, what steps (Outline) are needed to connect the above topology on the cisco 2651 and the TZ 210 to the switches while supporting the VLANs.
Your help is much appreciated!
seven45Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

digitapCommented:
I have a client with a similar configuration only our layer 3 switch is a 3Com not a Cisco.  The 3Com has a gateway for Internet traffic of 10.150.200.1 which is the LAN interface IP address.  The 3Com has 10.150.200.2 on that subnet.  To the VLAN networks, they know the 3Com as 192.168.1.21.  It looks like this:

SW LAN 10.150.200.1--->10.150.200.2 3Com Layer3 Switch 192.168.1.21-->switches

We were using the NSA (we had a Pro previously) as the router, but moved this function to the 3Com layer 3 switch to get that extra stress off the SW.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
OzNetNerdCommented:
"I was thinking of making FE0/0 connect to the TZ 210 with the IP from the LAN (same subnet---ex. FE0/0 ip--10.1.10.253  and the tz210's IP: 10.1.10.254) and FE0/1 (10.1.10.1) connect to the switch (10.1.10.2), not enable NAT and just have sub interfaces on FE0/1 for each Vlan. Am I on the right track?"

This is exactly how I would do it, but I would like to clarify a few things.

Firstly, just in case you did not know, when creating sub interfaces you should not give the physical interface an IP address. e.g do not give fe0/1 an IP, give an IP to fe0/1.1, fe0/1.2, etc.

Judging by this comment:
"FE0/1 (10.1.10.1) connect to the switch (10.1.10.2)"

I assume the 10.1.10.x network is your management network? If so, you should give the 10.1.10.1 IP address to fe0/1.1

Also, once you have the inter-vlan routing working (that is what they call the process of using a router to allow PCs in different VLANs to talk to one another), you should include a static route that points all of you non-local traffic to the tz210. As you have suggested, the tz210 will be plugged in to fa0/0 so you can enter the static route in one of two ways:

ip route 0.0.0.0 0.0.0.0 10.1.10.254

or

ip route 0.0.0.0 0.0.0.0 fa0/0

I personally prefer to use the first example.

Also, to answer your question, no you will not need to perform any NATing on the Cisco.

Good luck, and let us know how you go.
0
amprantiCommented:
Keep in mind that L3 switch always provide better performance that performing intervlan routing on the router!
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

602650528Commented:
Q1. Yeah, let the TZ210 take care of your firewall protection and routing to and fro internet. Let the TZ210 take care of NATting too.
       You need a default route on the cisco router pointing to the TZ210.
      ip route 0.0.0.0 0.0.0.0 0.1.10.254

As you suggested configure the router interface facing the switch as trunk.  e,g
!
interface FastEthernet0/1
 no ip address
 no shutdown
!
! this is for vlan10
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.10.10 255.255.255.0
! this is for vlan20
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.20.10.10 255.255.255.0
! this is for vlan10
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 10.30.10.10 255.255.255.0

Hope I have been able to answer your query.
0
seven45Author Commented:
Sorry for the delay,  I'll be trying some of the above suggestions on Wednesday and will post back if I run into any problems.
I did get to briefly try creating the sub interfaces----i was able to create them successfully with teh 10.1.10.1 to FE0/1.1 on the cisco router 2650. However, when I tried assigning an ip (10.1.10.253) to FE0/0 (the one that will connect to the TZ210), I was unable to because its on the same subnet.   Do I need to put  the FE0/0 of the router and the TZ210 on a different subnet to make it work, or am I missing something else.
Thanks in advance for your replies-----(they've helped me tremendously so far).  


0
602650528Commented:
Apparently you can't assign 2 interfaces of a router to same subnet ; that is why it's called a router; it routes packets between it's interfaces whihc should be in different subnets. So the interface facing the TZ210 should  be on different subnet with f0/0 but on same subnet as the interface on the TZ210
0
digitapCommented:
Thanks for the points and glad we could help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.