Cisco 3524 and 2610 vlans

Hi, I'm trying to get my head round whether this is at all possible. I have a load of 3524 switches and a single 2620 with 1 Ethernet port. Is it possible to have a setup in this configuration with the equipment I have?

This part I am OK with and understand:

vlan6 - switch management 10.0.6.1/24 gw 10.0.0.6.254
vlan2 - server vlan 10.0.0.1/24 gw 10.0.0.254
vlan3 - Client vlan 10.0.3.1/24 gw 10.0.3.254
vlan4 - finance vlan 10.0.4.1/24 gw 10.0.4.254
vlan5 - printer vlan 10.0.5.1/24 gw 10.0.5.254
vlan7 - Internet vlan 10.0.10.1/24 gw 10.0.10.254

I now want to use the 2620 to do inter-VLAN routing. OK, I understand this part and see how it works; there will also be deny routes to block vlan3 access to vlan4.

The part that is confusing me is: how do I get Internet to all VLANs? Or do I need something sitting in between?
ASKED: June 15, 2009  12:41 PM
UPDATED: June 16, 2009  1:12 PM

Answer Wiki


The equipment you have is fine. The only issue is that the router will not be that fast at routing between LANs; a layer 3 switch would be quicker, but if there is not too much traffic between them the router should be fine.

You need to create the vlans on the switches, and then a trunk to the router. The router will have sub-interfaces, each with an IP address for the individual vlan (subnet), which will also be the default gateway for that particular vlan. These can be exactly as you show in your question.

If you don’t want a particular vlan to be able to access another, create an access list (ACL) and apply it to the subinterface on the router. This should really be applied to both inbound and outbound traffic.

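For example, to block traffic from vlan 3 to vlan 4:

! Block traffic heading for the VLAN 4 subnet
ip access-list extended No-V3-to-V4
 deny ip any 10.0.4.0 0.0.0.255
 permit ip any any
!
! Block traffic heading for the VLAN 3 subnet
ip access-list extended No-V4-to-V3
 deny ip any 10.0.3.0 0.0.0.255
 permit ip any any
!
int fastethernet0/1.3
 desc ** VLAN 3 - Client **
 encapsulation dot1Q 3
 ! Gateway address for VLAN 3, taken from the question
 ip address 10.0.3.254 255.255.255.0
 ! Inbound: the ACL matches on destination, so it has to see packets arriving from VLAN 3
 ip access-group No-V3-to-V4 in
!
int fastethernet0/1.4
 desc ** VLAN 4 - Finance **
 encapsulation dot1Q 4
 ! Gateway address for VLAN 4, taken from the question
 ip address 10.0.4.254 255.255.255.0
 ! Inbound: the ACL matches on destination, so it has to see packets arriving from VLAN 4
 ip access-group No-V4-to-V3 in
!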

The permit ip any any at the end of the access list allows that VLAN to still connect to any of the other vlans, and to the Internet. The routing and NAT for the Internet is not shown; all you will need is a default route to the Internet router that is in VLAN 7. As the router is the gateway for all the vlans, it will have routes between them, and to the Internet (the 0.0.0.0 0.0.0.0 route), so all VLANs will be able to access the Internet.

That is the basic idea, from that you can allow or deny access between the vlans, or to individual hosts on a particular vlan.

Hope this helps.
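Which packets an interface ACL sees depends on the direction it is bound in. The following is an added example, not part of the original answer: a small Python model of a router-on-a-stick that checks a deny-by-destination ACL bound inbound versus outbound on the VLAN 3 subinterface. The subnets come from the question; the subinterface labels, the `.7` Internet subinterface, and the function names are assumptions made for the model.

```python
import ipaddress

# Subnets from the question; the subinterface names are labels for this model only.
SUBNETS = {
    "fa0/1.3": ipaddress.ip_network("10.0.3.0/24"),   # client VLAN
    "fa0/1.4": ipaddress.ip_network("10.0.4.0/24"),   # finance VLAN
    "fa0/1.7": ipaddress.ip_network("10.0.10.0/24"),  # Internet VLAN
}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Extended ACL as (action, source, destination) entries; first match wins.
NO_V3_TO_V4 = [("deny", ANY, SUBNETS["fa0/1.4"]), ("permit", ANY, ANY)]

def acl_permits(acl, src, dst):
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def iface_for(addr):
    """Subinterface whose connected subnet holds addr, else the default route."""
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return "fa0/1.7"  # assumed: default route points out of the Internet VLAN

def forwards(bindings, src, dst):
    """bindings maps (subinterface, 'in' or 'out') to an ACL.
    Returns True if the router forwards the packet from src to dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    checks = ((iface_for(src), "in"), (iface_for(dst), "out"))
    for key in checks:
        acl = bindings.get(key)
        if acl is not None and not acl_permits(acl, src, dst):
            return False
    return True

# The same ACL bound in each direction on the VLAN 3 subinterface.
OUT_ON_V3 = {("fa0/1.3", "out"): NO_V3_TO_V4}
IN_ON_V3 = {("fa0/1.3", "in"): NO_V3_TO_V4}

if __name__ == "__main__":
    for label, b in (("out", OUT_ON_V3), ("in", IN_ON_V3)):
        print(label, "client->finance forwarded:",
              forwards(b, "10.0.3.10", "10.0.4.20"))
```

Bound outbound on the VLAN 3 subinterface, the ACL only sees packets whose destination is in 10.0.3.0/24, so the deny entry for 10.0.4.0/24 never matches; bound inbound, it sees client traffic before routing and drops it.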
