Re: Configuring VLAN in 6500 Switch



"Bryan" <BTRichardson@xxxxxxxxx> wrote in message
news:1185569089.887685.198900@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello all,

I have a Catalyst 6506 that I use for my connection out to the outside
world. My external interface has a routable IP address, and is set up
for NATting. I have multiple VLAN interfaces configured as non-
routable networks, and are also configured for NATting, so that when
someone on one of these networks goes out to the internet, it uses the
IP address of the external interface. This all works fine, but here's
my question:

I would like to set up a "routable" VLAN... that is, a VLAN that uses
routable addresses rather than non-routable ones. There are a few
instances where users need a routable IP address (for IPSec tunnels
and such), and I'd like to consider tackling the problem this way
rather than configuring static NATs. Can this be done? How would I
configure the VLAN's network? The network my external interface is on
is a /26 network, so I'd need this "routable" VLAN to use IP addresses
from the same network. Would I simply break the routable /26 network
into an even smaller network for this VLAN? Is it even worth doing
things this way as opposed to just configuring static NATs?

Any suggestions? Thanks in advance!!! -- BTR


Bryan,

Do you have your 6500 switch in Native or in Hybrid mode (do you have just
IOS or CatOS/IOS combination)? If you have it in Hybrid mode, then you
configure VLANs in CatOS, and then IP Interfaces in IOS. In this case you
just assign other ports into the "public" VLAN. Just make sure you either
assign static IP addresses or provide DHCP for these computers. If you have
the switch in Native mode, then it depends on how your "public" interface
(port) is configured. If the port is configured as a pure Layer 3 interface,
then you need to create the VLAN, change the port to "switching" mode, and
create the corresponding VLAN interface. If your "public" port is already in
"switching" mode, then you just assign other ports to the same VLAN. For
example:

Hybrid:

CatOS
set vlan 100 3/1-10

MSFC
int vl 100
ip addr 12.1.2.3 255.255.255.192
...


Native:

int ran fa3/1 - 10
swi
swi mod acc
swi acc vl 100

int vl100
ip addr 12.1.2.3 255.255.255.192
...


Good luck,

Mike
CCNP, CCDP, CCSP, Cisco Voice, MCSE W2K, MCSE+I, Security+, etc.
CCIE R&S (in progress), CCIE Voice (in progress)
------
Headset Adapters for Cisco IP Phones
www.ciscoheadsetadapter.com
www.headsetadapter.com


