How to create an inter only vlan on a router

0 %
100 %
Information about How to create an inter only vlan on a router
Templates & Forms

Published on March 11, 2014

Author: routersbuy

Source: slideshare.net

Description

Leading Cisco networking products distributor-3network.com

How to Create an Inter-only VLAN on a Router? VLAN (Virtual Local Area Networks) allow network switches to separate traffic based on a logical identifier, known as a VLAN ID. When used in conjunction with a router that supports sub- interfaces, a VLAN can be create that only allows users to access the Internet and no other resources on the network. The router can be configured to differentiate among devices connected on the Internet-only and other traffic arriving on the same physical connections, using access lists and routing tables to prevent the former from communicating with the latter What you need to create an internet only VLAN on a router Network router that supports IEEE 802.1Q or ISL VLAN encapsulation PC with the ability to connect to the router Console cable (if Telnet or Web configuration is not available) How to Create an Internet Only VLAN on a Router? Follow the steps… 1. Plan your network. You will need two separate, non-overlapping Internet Protocol (IP) address spaces for each network. The most common private address space is 192.168.y.x, with a subnet mask of 255.255.255.0 (where “Y” is a static number from 1 to 254 and X is the number that will be assigned to each individual host). 2. Connect to your router. On a Cisco router, this will either involve a telnet session to its administrative IP address or a direct connection from the serial port on your PC to the console port on the router. Other, consumer-level routers might use a Web interface that you access by typing its administrative IP into a Web browser. Check with the manufacturer for specific instructions on accessing their configuration interface. 3. Configure virtual sub-interfaces on the physical port connecting from the switch to the router. On a Cisco router, you will do this by entering the configuration mode for the interface (e.g.: “int ethernet0″) and then entering the sub-interface by typing “int [interface name][interface number].[vlan id]” (e.g. “int e0.1″). 4. Enable DOT1Q or ISL VLAN encapsulation on all sub-interfaces, giving each one a separate VLAN identification number (a number between 1 and 4094). On Cisco routers, this command is issued in the sub-interface configuration mode and is formatted as “encapsulation [DOT1Q or ISL] [VLAN ID]” (e.g.: “encapsulation dot1q 10″ for vlan “10″). Issue this command separately for each sub-interface. 5. Assign all sub-interfaces a gateway address within their respective network. The gateway IP address is commonly the first or last host number of the network (e.g.: 192.168.2.x network would have an interface of 192.168.2.1 or 192.168.2.254). On a Cisco router, this command would be (in sub-interface configuration mode) “ip address 1

[address] [subnet mask]” (e.g.: ip address 192.168.2.1 255.255.255.0) 6. Configure routing tables for each VLAN network. Ensure that the Internet-only VLAN has a default route (0.0.0.0) that points to the port in the router connected to the internet. In a Cisco router, you issue this command in global configuration mode by typing “ip route 0.0.0.0 0.0.0.0 [interface or IP address of next 'hop']“ 7. Create a Access Control List (ACL) that will deny traffic from any member of the Internet-only network from accessing other networks. Access control lists can be tricky, but the individual command looks in Cisco routers like “access-list [ACL Number] deny [Internet-only network address] [Internet-only wildcard mask] [other network address] [other network wildcard mask] (e.g.: access-list 10 deny 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255).” 8. Apply the access list to the Internet-only sub-interface. In Cisco routers, you can do this by going into the interface configuration mode and issuing the command “access- group [ACL number/name] [in/out].” Tips & Warnings With all the different VLAN numbers and address, it is good to develop a system for consistency. Consider making the network number and VLAN ID the same, tying VLAN 2, for example, to the network 192.168.*2*.0. This way, you’ll know that hosts with a 192.168.2.x address are members of VLAN 2. With Cisco routers, you can add comments to the sub-interface by issuing the “description [text]” or “remark [remark]” commands. This way, when you or another person has to work with the router configuration, they can get a clear description of what the sub-interface was designed to achieve (e.g. “description: This is the Internet-only VLAN”) Cisco routers are some of the most common in the U.S.; however, many manufacturers provide access to these same configuration options through Web interfaces with pull- down menus and text boxes. Check with the manufacturer of you router to verify the best way to issue these commands. Make sure that the port connecting the switch to the router is set as a VLAN trunk. If the port on the switch is not a trunk, it won’t forward any data frames from VLANs outside of the one to which are it assigned. —Original resource from http://www.ehow.com/how_7612823_create-internet-only-vlan-router.html 2

3Anetwork.com is a world leading Cisco networking products wholesaler, we wholesale original new Cisco networking equipments, including Cisco Catalyst switches, Cisco routers, Cisco firewalls, Cisco wireless products, Cisco modules and interface cards products at competitive price and ship to worldwide. Our website: http://www.3anetwork.com Telephone: +852-3069-7733 Email: info@3Anetwork.com Address: 23/F Lucky Plaza, 315-321 Lockhart Road, Wanchai, Hongkong 3

Add a comment

Related presentations

Consent Form 2014 SW FL Rheem Team Peopleʼs Choice Scholar-Athlete Giveaway

This sample California Irrevocable Trust has a specific provision that states that...

This sample California motion to compel attendance at deposition and produce docum...

A really simple time management chart that we all use and love. We hope you find i...

Related pages

» How to Create an Inter-only VLAN on a Router? Router ...

How to Create an Inter-only VLAN on a Router? Posted by Yejian Technologies on May 2, 2012 VLAN ... How to Create an Internet Only VLAN on a Router?
Read more

How to Create an Internet Only VLAN on a Router | Chron.com

How to Create an Internet Only VLAN on a Router by James T Wood, Demand Media
Read more

How To Configure Router On A Stick - 802.1q Trunk To Cisco ...

... commands to ensure you can successfully configure router-on-a-stick ... VLAN), we only need to create ... Inter-VLAN routing services with ...
Read more

Router Switch Blog » Create an Inter-only VLAN on a Router

This video demo shows that how to configure InterVLAN routing on a Cisco Catalyst 3550 series switch. Video Demo: How to Configure InterVLAN Routing On ...
Read more

How do I configure VLAN Routing on a smart switch ...

To create VLAN interfaces: ... to firmware v6.x.x.x that is only available to the ... switch & ProSAFE router; How do I use the VLAN Routing ...
Read more

Manual:Interface/VLAN - MikroTik Wiki

Manual:Interface/VLAN. ... To illustrate inter-VLAN communication, we will create a trunk that ... "Configuration example on MikroTik router:" "Create VLAN ...
Read more

Configuring Inter-VLAN Routing (Router-on-a-Stick) | Free ...

... and verification of inter-vlan routing known as Router on a Stick. ... you only need a SINGLE router and ... Create VLAN’s 20 and 30 on SW1 ...
Read more

Understanding and Configuring VLAN Routing and Bridging on ...

Understanding and Configuring VLAN Routing and Bridging on ... Catalyst 6500 Series Switches and Cisco 7600 Series Routers. ... only with Layer 3 (L3 ...
Read more

Cisco 7600 Series Router Software Configuration Guide ...

For Ethernet VLANs only. No. ... Note Cisco 7600 series routers do not support Inter ... Before you can create a VLAN, the Cisco 7600 series router must be ...
Read more