VLAN Configuration on Cisco Switch

AXISHK
AXISHK used Ask the Experts™
on
I have a CIsco switch configured with 2 VLAN, 192.168.1.0 & 192.168.2.0

How can I configure the switch such that these two VLAN can access access a internet router connected to this switch as well ? Any configuration example for reference ?

Thx
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
View Solution Only
GammelgaardFreelancer - IT Specialist

Commented:
The two VLANs need the router as default gateway - your router should be part of both VLANs, with ip addresses. Then, on your router you have to make NAT statements for both VLANs
JustInCase
Distinguished Expert 2018

Commented:
Classical example with L2 switch and router would be router on a stick.
How To Configure Router On A Stick - 802.1q Trunk To Cisco Router
With L3 switch you can have one VLAN that will forward traffic to router, so VLANs are not extending to router.
AXISHK

Author

Commented:
"Ip nat inside" on two VLAN sub-interface, so the "ip nat outside" will be on the interface connecting to WAN, correct ?

Any example on using L3 switch in this case ?

Thx
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Find out now!
Distinguished Expert 2018
Commented:
1. Correct.
Any example on using L3 switch in this case ?
There is nothing special about L3. 
ip routing
!
interface vlan 10
 desc User_1
 ip address 192.168.0.1 255.255.255.0
!
interface vlan 20
 desc User_2
 ip address 192.168.1.1 255.255.255.0
!
interface vlan 30
 descr transit VLAN
 ip address 192.168.2.2 255.255.255.0
!
interface fa0/1
 desc connection_to_router
 switchport mode access
 switchport access vlan 30
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1

Open in new window

instead of using transit VLAN you can use routed interface (not on all devices)
interface fa0/1
 no switchport
 ip address 192.168.2.2 255.255.255.0

Open in new window

Router configuration
interface fa0/0
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface fa0/1
 ip address z.z.z.z y.y.y.y
 ip nat outside
!
ip route 192.168.0.0 255.255.254.0 192.168.2.2
ip route 0.0.0.0 0.0.0.0 z.z.z.x
!
ip nat inside source list 1 interface fa0/1 overload
!
access-list 1 permit 192.168.0.0 0.0.1.255

Open in new window

AXISHK

Author

Commented:
"access-list 1 permit 192.168.0.0 0.0.1.255"

Does it permit IP address from 192.168.0.0 - 192.168.1.255 ?  Correct ?

Thx
JustInCase
Distinguished Expert 2018

Commented:
Correct.
That's the range I used in example.
For your example - 192.168.1.0 and 192.168.2.0 you need two statements.
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
AXISHK

Author

Commented:
Thx
JustInCase
Distinguished Expert 2018

Commented:
You're welcome.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial