My topology looks like this:
                                                                 <--> VLAN 1
              ---------------       ----------------------------
Internet <--> | Router / FW | <---> | Switch (VLANs + Subnets) | <--> VLAN 10
              ---------------       ----------------------------
                                                                 <--> VLAN 192
Currently, I have a m0n0wall firewall/gateway (the router) and a Layer 3 Dell PowerConnect 6200 series (6248) switch.
- The router's LAN interface has IP 10.10.1.127 / 22, so for VLAN 10 (10.10.0.0 / 22) I have an internet connection.
- Also, I have routing set up between VLANs, so I can ping any computer in any VLAN from any VLAN.
As I understand it, I need an interface for each VLAN on the router to be able to give an internet connection to that VLAN. I've tried plugging in an additional interface, and I've managed to get an internet connection on an additional VLAN (the VLAN I configured the interface on).
Isn't there any other possibility/routing option to share internet across all VLANs with 1 interface? I may have over 4 VLANs that need an internet connection. I may run out of PCI slots for that, and it also wastes ports on my switch.
Change router/firewall?
Maybe the router software should be changed? It's just a regular PC box. The router part is there for NATing, port forwarding and firewalling.
Change topology?
Maybe there is an alternative configuration option - like I could just put that box aside, plug the internet into the switch and just run all traffic to/from the internet through that firewall? What do you call that - routing/firewalling on a stick? Is that possible?

- Disable IP forwarding on the router or implement IP rules on it that isolate each VLAN. They will still be able to get to the Internet, they just won't be able to communicate unless they use the external interface.
Janis Veinbergs : Sorry, I can't really get what you are trying to say. Which external interface?
Ignacio Vazquez-Abrams : The interface connected to the Internet, e.g. the external IP address.

- As you have a layer-3 switch, you can create another VLAN for your internet connection only, which will be connected to your router.
You can then assign members of different VLANs to the internet VLAN for them to have internet access.
Basically, setting up inter-VLAN routing in your switch via "ip routing".
The default gateway for the switch would be the router, taking it out to the internet either globally or a separate VLAN.
Hope that helps
Janis Veinbergs : Currently I HAVE working Internet + PCs on my VLAN 10 and also routing enabled, however users from VLAN 100 cannot get onto the internet, but can communicate with VLAN 10 PCs. The default route is pointing to the router.
rihatum : http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_23947790.html Add static routes on your router for your VLANs. As your router is connected to the interface on VLAN 10, it is aware of the clients / addressing on VLAN 10; add routes on your router (static routes to all your VLANs apart from the VLAN where the router is connected). Your switch default gateway should be your router's internal IP address (10.10.1.127 / 22). Hope that helps
Janis Veinbergs : That's it - thank you - I had to add routes from the router to my Layer 3 switch (+ I've had to set up VLAN trunking between router and switch)
From rihatum
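
An added illustration of the fix discussed above (not code from the thread): a longest-prefix-match model of the router's routing table, showing why VLAN 100 could reach VLAN 10 but not the Internet until static routes were added. Only 10.10.0.0/22 and 10.10.1.127 come from the thread; the switch address 10.10.1.1 and the VLAN 100 / VLAN 192 subnets are assumed values.

```python
import ipaddress

WAN = "wan (default route)"
LAN = "lan (directly connected)"
SWITCH = "lan via 10.10.1.1"  # assumed: L3 switch's address inside VLAN 10

def parse(routes):
    """Turn (prefix, egress) string pairs into (network, egress) pairs."""
    return [(ipaddress.ip_network(prefix), egress) for prefix, egress in routes]

def lookup(table, dst):
    """Longest-prefix match: egress of the most specific route containing dst."""
    addr = ipaddress.ip_address(str(dst))
    matches = [(net, egress) for net, egress in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def vlans_without_return_route(table, vlans):
    """VLANs whose replies the router would send out the WAN or drop."""
    missing = []
    for name, subnet in vlans.items():
        host = next(iter(ipaddress.ip_network(subnet).hosts()))
        if lookup(table, host) in (None, WAN):
            missing.append(name)
    return missing

# VLAN 10's subnet is from the thread; the other two subnets are constructed.
VLANS = {
    "VLAN 10": "10.10.0.0/22",
    "VLAN 100": "10.10.100.0/24",
    "VLAN 192": "192.168.192.0/24",
}

# Router as first described: LAN interface 10.10.1.127/22 plus a default route.
BEFORE = parse([("0.0.0.0/0", WAN), ("10.10.0.0/22", LAN)])

# After the fix: one static route per remote VLAN, next hop = the switch.
AFTER = BEFORE + parse([("10.10.100.0/24", SWITCH), ("192.168.192.0/24", SWITCH)])

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, "-> no return route for:", vlans_without_return_route(table, VLANS))
        print("  reply to 10.10.100.25 leaves via:", lookup(table, "10.10.100.25"))
```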