Q:
Cisco 3524 and 2610 vlans
Hi, I'm trying to get my head round if this is at all possible.

I have a load of 3524 switches and a single 2620 with 1 Ethernet port.

Is it possible to have a setup in this configuration with the equipment I have?

This part I am OK with and understand:

vlan6 - switch management 10.0.6.1/24 gw 10.0.0.6.254
vlan2 - server vlan 10.0.0.1/24 gw 10.0.0.254
vlan3 - Client vlan 10.0.3.1/24 gw 10.0.3.254
vlan4 - finance vlan 10.0.4.1/24 gw 10.0.4.254
vlan5 - printer vlan 10.0.5.1/24 gw 10.0.5.254
vlan7 - Internet vlan 10.0.10.1/24 gw 10.0.10.254

I now want to use the 2620 to do inter-VLAN routing. OK, I understand this part and see how it works; there will also be deny routes to block vlan3 access to vlan4.

The part that is confusing me is: how do I get Internet to all VLANs? Or do I need something sitting in between?
ASKED: Jun 15 2009  12:41 AM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
A:
The equipment you have is fine. The only issue is that the router will not be that fast routing between LANs; a layer 3 switch would be quicker, but if there is not too much traffic between them the router should be fine.

You need to create the vlans on the switches, and then a trunk to the router. The router will have sub-interfaces, each with an IP address for the individual vlan (subnet), which will also be the default gateway for that particular vlan. These can be exactly as you show in your question.

If you don't want a particular vlan to be able to access another, create an access list (ACL) and apply it to the subinterface on the router. This should really be applied to both inbound and outbound traffic.

For example, to block traffic from vlan 3 to vlan 4:

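! Deny anything addressed to the finance subnet, permit everything else
ip access-list extended No-V3-to-V4
 deny ip any 10.0.4.0 0.0.0.255
 permit ip any any
!
! Deny anything addressed to the client subnet, permit everything else
ip access-list extended No-V4-to-V3
 deny ip any 10.0.3.0 0.0.0.255
 permit ip any any
!
int fastethernet0/1.3
 desc ** VLAN 3 - Client **
 encapsulation dot1Q 3
 ! Gateway address for vlan3 as listed in the question
 ip address 10.0.3.254 255.255.255.0
 ! Bound inbound: the ACL matches on destination, so it must see packets
 ! arriving from VLAN 3 hosts; bound "out" here the deny line never matches
 ip access-group No-V3-to-V4 in
!
int fastethernet0/1.4
 desc ** VLAN 4 - Finance **
 encapsulation dot1Q 4
 ! Gateway address for vlan4 as listed in the question
 ip address 10.0.4.254 255.255.255.0
 ip access-group No-V4-to-V3 in
!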

The permit ip any any at the end of the access list allows that VLAN to still connect to any of the other VLANs, and to the Internet. The routing and NAT for the Internet is not shown; all you will need is a default route to the Internet router that is in VLAN 7. As the router is the gateway for all the VLANs, it will have routes between them, and to the Internet (the 0.0.0.0 0.0.0.0 route), so all VLANs will be able to access the Internet.

That is the basic idea; from that you can allow or deny access between the VLANs, or to individual hosts on a particular VLAN.

Hope this helps.
Last Answered: Jun 16 2009  1:12 PM GMT by BlankReg   11270 pts.
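
Added example (not part of the original answer): a small Python model of how the router evaluates the two ACLs above, showing that an ACL matching on destination 10.0.4.0/24 filters VLAN 3 to VLAN 4 traffic when bound inbound on the VLAN 3 sub-interface and matches nothing when bound outbound there. The sample hosts, the 198.51.100.10 Internet address and the choice of VLAN 7 as default egress are assumptions for illustration.

```python
import ipaddress

# Subnets from the question, keyed by VLAN id (each is one router sub-interface).
SUBNETS = {3: "10.0.3.0/24", 4: "10.0.4.0/24", 7: "10.0.10.0/24"}
DEFAULT_EGRESS = 7  # assumption: the default route leaves via the Internet VLAN

# The answer's two ACLs as (action, destination, wildcard); source is "any" in every entry.
ACLS = {
    "No-V3-to-V4": [("deny", "10.0.4.0", "0.0.0.255"), ("permit", "any", None)],
    "No-V4-to-V3": [("deny", "10.0.3.0", "0.0.0.255"), ("permit", "any", None)],
}

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the mask are ignored when comparing."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def acl_permits(name, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, base, wildcard in ACLS[name]:
        if base == "any" or wildcard_match(dst, base, wildcard):
            return action == "permit"
    return False

def vlan_of(addr):
    """Return the VLAN whose subnet contains addr, or None if not directly connected."""
    ip = ipaddress.ip_address(addr)
    return next((v for v, net in SUBNETS.items() if ip in ipaddress.ip_network(net)), None)

def forwarded(src, dst, bindings):
    """bindings maps (vlan, "in" | "out") to an ACL name, like ip access-group."""
    ingress = vlan_of(src)
    egress = vlan_of(dst) or DEFAULT_EGRESS
    for key in ((ingress, "in"), (egress, "out")):
        if key in bindings and not acl_permits(bindings[key], dst):
            return False
    return True

BIND_OUT = {(3, "out"): "No-V3-to-V4", (4, "out"): "No-V4-to-V3"}
BIND_IN = {(3, "in"): "No-V3-to-V4", (4, "in"): "No-V4-to-V3"}

if __name__ == "__main__":
    # Constructed sample packets: client -> finance, finance -> client, client -> Internet.
    for src, dst in [("10.0.3.20", "10.0.4.20"), ("10.0.4.20", "10.0.3.20"),
                     ("10.0.3.20", "198.51.100.10")]:
        print(src, "->", dst, "| bound out:", forwarded(src, dst, BIND_OUT),
              "| bound in:", forwarded(src, dst, BIND_IN))
```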