VLAN Configuration on Cisco Switch

I have a CIsco switch configured with 2 VLAN, 192.168.1.0 & 192.168.2.0

How can I configure the switch such that these two VLAN can access access a internet router connected to this switch as well ? Any configuration example for reference ?

Thx
AXISHKAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GammelgaardFreelancer - IT SpecialistCommented:
The two VLANs need the router as default gateway - your router should be part of both VLANs, with ip addresses. Then, on your router you have to make NAT statements for both VLANs
JustInCaseCommented:
Classical example with L2 switch and router would be router on a stick.
How To Configure Router On A Stick - 802.1q Trunk To Cisco Router
With L3 switch you can have one VLAN that will forward traffic to router, so VLANs are not extending to router.
AXISHKAuthor Commented:
"Ip nat inside" on two VLAN sub-interface, so the "ip nat outside" will be on the interface connecting to WAN, correct ?

Any example on using L3 switch in this case ?

Thx
Answering your cyber security questions

It’s in the news. It’s the job title of the main character on every other tech thriller on TV and in the movies. It’s the hot topic in business boardrooms, university classrooms, and just about everywhere else. But what is cyber security, and how do you get a job in it?

Find your answers
JustInCaseCommented:
1. Correct.
Any example on using L3 switch in this case ?
There is nothing special about L3. 
ip routing
!
interface vlan 10
 desc User_1
 ip address 192.168.0.1 255.255.255.0
!
interface vlan 20
 desc User_2
 ip address 192.168.1.1 255.255.255.0
!
interface vlan 30
 descr transit VLAN
 ip address 192.168.2.2 255.255.255.0
!
interface fa0/1
 desc connection_to_router
 switchport mode access
 switchport access vlan 30
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1

Open in new window

instead of using transit VLAN you can use routed interface (not on all devices)
interface fa0/1
 no switchport
 ip address 192.168.2.2 255.255.255.0

Open in new window

Router configuration
interface fa0/0
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface fa0/1
 ip address z.z.z.z y.y.y.y
 ip nat outside
!
ip route 192.168.0.0 255.255.254.0 192.168.2.2
ip route 0.0.0.0 0.0.0.0 z.z.z.x
!
ip nat inside source list 1 interface fa0/1 overload
!
access-list 1 permit 192.168.0.0 0.0.1.255

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AXISHKAuthor Commented:
"access-list 1 permit 192.168.0.0 0.0.1.255"

Does it permit IP address from 192.168.0.0 - 192.168.1.255 ?  Correct ?

Thx
JustInCaseCommented:
Correct.
That's the range I used in example.
For your example - 192.168.1.0 and 192.168.2.0 you need two statements.
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
AXISHKAuthor Commented:
Thx
JustInCaseCommented:
You're welcome.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VLAN

From novice to tech pro — start learning today.