jands
asked on
Creating 2 separate networks
Hello,
I have a environment that needs to be separated into 2 networks that network A can not talk to network B but can still both have internet access. There are about 10 computers on both sides. They are using a adtran netvanta 3200 for their router. Looking for options. Vlan? A way to subnet them?
Also they do not have a server.
Thanks,
JandS
I have a environment that needs to be separated into 2 networks that network A can not talk to network B but can still both have internet access. There are about 10 computers on both sides. They are using a adtran netvanta 3200 for their router. Looking for options. Vlan? A way to subnet them?
Also they do not have a server.
Thanks,
JandS
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sorry, mean to add that if it only has 1 interface you should be able to configure it as an 802.1q trunk in which you will trunk 2 vlans over the one interface between the router and the switch. So its doing the same thing - but using 1 ehternet port. Its refered to as router on a stick.
On the 3200's you can setup two different vlans, and as already noted, create subinterfaces and split them off onto different VLANS. Remember to setup the swtich port as a .1q trunk.
You can then also setup the ACL's in the router to explicitly block traffic. Something like the following
interface eth 0/1.5
description DATA
vlan-id 5
no shutdown
ip address 192.168.1.1 255.255.255.0
access-policy PRIVATE
qos-policy out OUT
!
interface eth 0/1.10
description VOIP
vlan-id 10
no shutdown
ip address 10.10.10.1 255.255.255.0
access-policy PHONES
qos-policy out OUT
ip access-list extended NAT-PHONES
deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 10.10.10.0 0.0.0.255 any
!
ip access-list extended NAT-PRIVATE
deny ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip policy-class PRIVATE
nat source list NAT-PRIVATE interface ppp 1 overload
ip policy-class PHONES
nat source list NAT-PHONES interface ppp 1 overload
You can then also setup the ACL's in the router to explicitly block traffic. Something like the following
interface eth 0/1.5
description DATA
vlan-id 5
no shutdown
ip address 192.168.1.1 255.255.255.0
access-policy PRIVATE
qos-policy out OUT
!
interface eth 0/1.10
description VOIP
vlan-id 10
no shutdown
ip address 10.10.10.1 255.255.255.0
access-policy PHONES
qos-policy out OUT
ip access-list extended NAT-PHONES
deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 10.10.10.0 0.0.0.255 any
!
ip access-list extended NAT-PRIVATE
deny ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip policy-class PRIVATE
nat source list NAT-PRIVATE interface ppp 1 overload
ip policy-class PHONES
nat source list NAT-PHONES interface ppp 1 overload
ASKER
After setting up the trunk on eth0 on the adtran 3200. Then I will also have to setup the eth port on the switch that is connected to the 3200 with trunking as well? I would assume I would need to make both ports available for trunking, just double checking. Also I am thinking of getting a cisco switch for them, although the adtran 3200 is not the same company, but with the 802.1q standard I shouldn't have a issue correct?
That is correct both ends of a trunk need to be configured as a trunk. So yes the switchport will need to be configured as a trunk as well. Yes you will not have any problems with a cisco switch as 802.1q is an industry standard.
ASKER
Thank you very much, You have made my job easy.
ASKER