Connecting Cisco router and switch to ISP router with inter VLAN routing

Submitted on Fri, 05/17/2024 - 09:56

local-government-topology

 

In this tutorial, we will learn how to connect an additional CISCO router and a CISCO L3 switch to an existing ISP router, as shown in the diagram above. After the connection, we will enable inter-VLAN routing on the L3 switch. This configuration provides enough IP addresses and lets devices in different VLANs communicate with each other when needed. It also reduces broadcast traffic, which benefits the network's performance. This design is important if we are to deploy a server in the private network that must be accessible from devices in all the VLANs. Let's begin!

Part 1: CISCO Router Configuration

Step 1: Access the CISCO router's CLI

Connect the CISCO router to any LAN port on the ISP's router.

Access the CISCO router's CLI using the console cable and a terminal program such as PuTTY.

Follow the commands below to reach the router's configuration mode.

The router starts in user exec mode with the following prompt:

Router>

Type en (short for enable) to enter privileged exec mode:

Router> en

The prompt changes as follows:

Router#

Type conf t (short for configure terminal) to enter global configuration mode, which is needed to make changes to the router configuration.

Router# configure terminal

The prompt changes as follows:

Router (config)#

 

Step 2: Assign IP to the router's interface connected to the ISP router

Router (config)# interface GigabitEthernet 0/0/1

Router (config-if)# ip address 192.168.1.2 255.255.255.0

Router (config-if)# no shutdown

Note: The IP address must be in the same network as the ISP router's LAN address (192.168.1.1, which is used as the default gateway in Step 4).

 

Step 3: Assign an IP from a different subnet to the router's interface connected to the CISCO L3 switch

Router (config)# interface GigabitEthernet 0/0/0

Router (config-if)# ip address 192.168.100.1 255.255.255.0

Router (config-if)# no shutdown

Note: The two interfaces have been assigned IP addresses from different subnets.

Interface IP
GigabitEthernet 0/0/1 192.168.1.2/24
GigabitEthernet 0/0/0 192.168.100.1/24

 

Step 4: Assign ISP router's private IP as the default gateway for the CISCO router

Router (config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1

 

Step 5: Assign CISCO router's interface connected to the ISP's router as outside interface for NAT configuration

Router (config)# interface GigabitEthernet 0/0/1

Router (config-if)# ip nat outside

 

Step 6: Assign CISCO router's interface connected to the CISCO L3 switch as inside interface for NAT configuration

Router (config)# interface GigabitEthernet 0/0/0

Router (config-if)# ip nat inside

 

Part 2: CISCO L3 switch configuration

Step 1: Access CISCO L3 switch's CLI

Connect the L3 switch to the CISCO router.

Access the switch's CLI using the console cable and PuTTY.

The switch starts in user exec mode with the following prompt:

Switch>

Type en (short for enable) to enter privileged exec mode:

Switch> en

The prompt changes as follows:

Switch#

Type conf t to enter global configuration mode, which is needed to make changes to the switch configuration.

Switch# conf t

The prompt changes as follows:

Switch (config)#

 

Step 2: Assign IP to the L3 switch's interface connected to the CISCO router

Switch (config)# interface GigabitEthernet 1/0/3

Switch (config-if)# no switchport

Switch (config-if)# ip address 192.168.100.2 255.255.255.0

Switch (config-if)# no shutdown

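Note: The IP address is in the same network as the CISCO router's interface that this port connects to (192.168.100.1/24). The no switchport command converts the switch port into an L3 (routed) port, which is required before an IP address can be assigned to it. The no shutdown command turns on the interface.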

 

Step 3: Create the required number of VLANs (2 in this case)

Switch (config)# vlan 10

Switch (config-vlan)# name pc

Switch (config-vlan)# vlan 20

Switch (config-vlan)# name printers

 

Step 4: Assign the switch's interfaces to the newly created VLANs

Switch (config)# interface range GigabitEthernet 1/0/1-2

Note: Here, we are selecting a range of interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2

Switch (config-if-range)# switchport access vlan 10

Switch (config-if-range)# interface range GigabitEthernet 1/0/4-5

Switch (config-if-range)# switchport access vlan 20

 

Step 5. Assign IP addresses to the virtual interfaces created through the VLANs

Switch (config)# interface vlan 10

Switch (config-if)# ip address 10.10.10.1 255.255.255.0

Switch (config-if)# interface vlan 20

Switch (config-if)# ip address 10.10.20.1 255.255.255.0

Note: Different virtual interfaces have been assigned IP addresses from different subnets as follows:

Virtual Interface IP Address
vlan10 10.10.10.1/24
vlan20 10.10.20.1/24

 

Step 6. Enable inter-VLAN routing in the L3 switch

Switch (config)# ip routing

 

Step 7. Create DHCP Pools for the VLANs created

Switch (config)# ip dhcp pool 10

Switch (dhcp-config)# network 10.10.10.0 255.255.255.0

Switch (dhcp-config)# default-router 10.10.10.1

Switch (dhcp-config)# dns-server 8.8.8.8

Note: 10.10.10.1 is the IP of the virtual interface in the L3 switch. This shall act as the default gateway for this network.

 

Switch (config)# ip dhcp pool 20

Switch (dhcp-config)# network 10.10.20.0 255.255.255.0

Switch (dhcp-config)# default-router 10.10.20.1

Switch (dhcp-config)# dns-server 8.8.8.8

Note: 10.10.20.1 is the IP of another virtual interface in the L3 switch. This shall act as the default gateway for this network.

 

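Step 8. Assign the CISCO router's interface connected to the L3 switch as the switch's default gateway

Switch (config)# ip route 0.0.0.0 0.0.0.0 192.168.100.1

Note: 192.168.100.1 is the router's GigabitEthernet 0/0/0 address from Part 1, Step 3. The next hop must be the router's address, not the switch's own 192.168.100.2.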

 

Part 3: CISCO Router configuration finalization

Step 1. Add static routes in the CISCO router for different networks defined in L3 switch

Router (config)# ip route 10.10.10.0 255.255.255.0 192.168.100.2

Router (config)# ip route 10.10.20.0 255.255.255.0 192.168.100.2

 

Step 2. Create Access List for NAT configuration

Router (config)# ip access-list standard 1

Router (config-std-nacl)# permit 192.168.100.0 0.0.0.255

Router (config-std-nacl)# permit 10.10.10.0 0.0.0.255

Router (config-std-nacl)# permit 10.10.20.0 0.0.0.255

Note: 0.0.0.255 is called a wildcard mask, which is the inverse of the subnet mask. It is created by replacing the 1s with 0s and the 0s with 1s in the subnet mask, so 255.255.255.0 becomes 0.0.0.255. By convention, ACLs use the wildcard mask instead of the subnet mask.

 

Step 3. Allow the networks defined in the ACL to use NAT features.

Router (config)# ip nat inside source list 1 interface GigabitEthernet 0/0/1 overload

Note: This is a mandatory step which allows addresses from the networks 10.10.10.0/24, 10.10.20.0/24 and 192.168.100.0/24 to be translated into the IP address of the CISCO router's outside interface (192.168.1.2/24) when packets go out towards the internet. The overload keyword enables the Port Address Translation (PAT) feature of NAT, which lets many inside addresses share that single outside address.

Finally, the devices connected to different VLANs are able to talk to devices in other VLANs thanks to the inter-VLAN routing feature. This is possible because of the switch virtual interfaces (SVIs) available in the L3 switch. The CISCO router is mainly used here for NAT, while the L3 switch is used for VLAN creation, inter-VLAN routing and the DHCP service. Note that we didn't make any changes to the ISP's router, which we usually cannot configure anyway. The ISP's router already has routes defined for the network 192.168.1.0/24, and because NAT translates every packet from the new networks to 192.168.1.2, it never needs routes to the networks created in the L3 switch. Keep in mind that with ip routing enabled and no access lists applied to the SVIs, all traffic between VLAN 10 and VLAN 20 is routed without restriction.
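
The addressing plan above can be checked offline before anything is typed into the devices. The following Python script is an added example, not part of the original tutorial: it verifies that every static route's next hop is on a directly connected subnet and is not the device's own address, derives the wildcard masks for the NAT access list, and reports any inside subnet the access list misses. The dictionary layout and function names are assumptions made for this example; the addresses come from the steps above, with the switch's default route pointing at the router's 192.168.100.1 address from Part 1, Step 3.

```python
import ipaddress

# Addressing plan copied from the tutorial's steps.
ROUTER = {
    "interfaces": ["192.168.1.2/24", "192.168.100.1/24"],
    "routes": [("0.0.0.0/0", "192.168.1.1"),
               ("10.10.10.0/24", "192.168.100.2"),
               ("10.10.20.0/24", "192.168.100.2")],
}
SWITCH = {
    "interfaces": ["192.168.100.2/24", "10.10.10.1/24", "10.10.20.1/24"],
    "routes": [("0.0.0.0/0", "192.168.100.1")],
}
NAT_ACL = ["192.168.100.0/24", "10.10.10.0/24", "10.10.20.0/24"]


def check_routes(device):
    """Return problems found in a device's static routes."""
    ifaces = [ipaddress.ip_interface(i) for i in device["interfaces"]]
    problems = []
    for prefix, hop in device["routes"]:
        nh = ipaddress.ip_address(hop)
        if any(nh == i.ip for i in ifaces):
            problems.append(f"{prefix} via {hop}: next hop is the device's own address")
        elif not any(nh in i.network for i in ifaces):
            problems.append(f"{prefix} via {hop}: next hop is not on a connected subnet")
    return problems


def acl_lines(networks):
    """Render permit lines; hostmask is the subnet mask with every bit inverted."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [f"permit {n.network_address} {n.hostmask}" for n in nets]


def not_translated(inside_device, acl):
    """Inside subnets that no ACL entry covers, so NAT would skip them."""
    permitted = [ipaddress.ip_network(n) for n in acl]
    subnets = [ipaddress.ip_interface(i).network for i in inside_device["interfaces"]]
    return [str(s) for s in subnets if not any(s.subnet_of(p) for p in permitted)]


if __name__ == "__main__":
    # Constructed misconfiguration: the switch's default route aimed at itself.
    bad_switch = dict(SWITCH, routes=[("0.0.0.0/0", "192.168.100.2")])
    for name, dev in (("router", ROUTER), ("switch", SWITCH), ("bad switch", bad_switch)):
        print(name, check_routes(dev) or "routes OK")
    print("\n".join(acl_lines(NAT_ACL)))
    print("not translated:", not_translated(SWITCH, NAT_ACL) or "none")
```

A subnet reported by not_translated would reach the ISP router with its private source address, and since the ISP router has no route back to it, replies would be dropped.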