InterVLAN Routing 1841 or on the 3750

Hi All,

Can someone please advise me on the most suitable method for inter vlan routing with the following setup:

---- [External IP 1841 Internal IP] ----- [Vlan 10 on a port of a Catalyst 3750 (AKA Core)]

The Cisco 1841 router has 2 interfaces, internal and external. The internal is connected to a port on the switch that is configured on VLAN 10; the management vlan for the switches is running on VLAN1. There is no trunking currently between the router and switch, only between the 3750 and the rest of the Cisco switches connected to it.

Should I trunk from the router to the switch and create sub-interfaces on the router, or create vlans on the switch, turn on ip routing and run a routing protocol between the switch and router? I guess I'd have to turn the switch port connected to the router into a routed switch port?

corb

Basically I need to add a few VLANs for a 3rd party to connect to the Internet without connecting through my company's vlan. May also be going over to a Cisco Call Manager Express (few months' time) so I'm planning on adding a voice vlan as well.

corb

I'd do the following:

- create sub-interfaces with VLAN 10 and your new VLAN on the 1841's inside interface.

- configure the 3750's interface to the 1841 to be a trunk port ('switchport mode trunk')

- create the new VLAN on the 3750

- check the interface is trunking the VLANS ('show interface trunk')

But that isn't going to be enough to stop your third-party getting access to the corporate LAN. So you're going to need an access-list:

- create an ACL on the 1841

- deny the new subnet access to the corporate subnets

- permit everything else.

- apply this ACL inbound on the third-party sub-interface.

Of course this isn't an ideal solution - if you add new subnets on the corporate LAN and forget to update the ACL, your third-party will have access.

A better solution would be to get a firewall with a DMZ port. Put your third-parties in there on a completely separate switch.

Hope that helps.

Andrew

On Tue, 9 Oct 2007 21:25:25 +0100, corb wrote (in article ):

Andrew Mulheirn
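
The drift risk mentioned in the post above (a corporate subnet is added but the ACL is not updated) can be checked mechanically. This is an added example, not part of the thread: the ACL name `THIRD-PARTY-IN`, the subnet list and every address are constructed assumptions, and the parser handles only `permit|deny ip` entries.

```python
import ipaddress

# Constructed sample: ACL applied inbound on the third-party sub-interface.
# ACL name and all addresses are assumptions made for this illustration.
ACL_TEXT = """\
ip access-list extended THIRD-PARTY-IN
 deny ip 192.168.50.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny ip 192.168.50.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip any any
"""
# Constructed inventory: 192.168.20.0/24 stands for a VLAN added after the ACL.
CORPORATE = ["192.168.10.0/24", "192.168.1.0/24", "192.168.20.0/24"]

def parse_addr(tokens):
    """Consume one IOS address spec (any | host A | A WILDCARD) from tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # ip_network accepts a contiguous wildcard (host mask) after the slash
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    """Return ordered (action, src_net, dst_net) tuples for 'ip' entries."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] != "ip":
            continue  # skips the ACL header line and non-ip entries
        rest = tok[2:]
        entries.append((tok[0], parse_addr(rest), parse_addr(rest)))
    return entries

def exposed_subnets(acl_text, third_party, corporate):
    """Corporate subnets the third-party subnet can still reach (first match wins)."""
    src = ipaddress.ip_network(third_party)
    exposed = []
    for subnet in map(ipaddress.ip_network, corporate):
        for action, acl_src, acl_dst in parse_acl(acl_text):
            if not (src.overlaps(acl_src) and subnet.overlaps(acl_dst)):
                continue
            if action == "permit":  # conservative: any overlapping permit counts
                exposed.append(str(subnet))
                break
            if src.subnet_of(acl_src) and subnet.subnet_of(acl_dst):
                break  # fully covered by a deny before any permit
        # falling off the end means the implicit deny applies: not exposed
    return exposed

if __name__ == "__main__":
    print(exposed_subnets(ACL_TEXT, "192.168.50.0/24", CORPORATE))
```
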

Thanks for the reply, but I thought I should use the 3750 for inter vlan routing as it will be much faster at routing packets between vlans and the bottleneck will actually be the router?

corb

All depends on what you have running, but yes, a router on a stick will require all traffic to traverse that uplink/trunk and be inter-vlan routed at the router. Distributing this to the 3750 should give you additional performance, but the 3750 is not an enterprise class switch/router, so you just have to be careful with your expectations.

To do this, create the vlan interfaces on the switch, and make sure one of the vlans matches the one going to the router. Configure one of the ports as an access port in that vlan, and configure a routing protocol on both sides that includes the vlan/network address range that the two devices share. Additionally, on the 3750, add the ranges for the other networks that you want to advertise, but I would make sure you have passive-interfaces for these networks just to keep adjacencies clean (if you use eigrp/ospf). This should give you what you want.

Since the 3750s are not the 6500s I deal with, not sure how 'routed switch ports' play into this, but I would think the above should work. Else you may need to configure a routed switch port with an IP in the routed vlan and go that route. Either way, one way or the other should get you what you need.

Trendkill
