In late 2003 I described how part of my home network looked:
cable modem - cisco router - freebsd fw/gw - cisco switch - clients
This past weekend I decided to remove the firewall/gateway from the picture. When the router is deployed like this, it's called a "router on a stick."
cable modem - cisco router - cisco switch - clients
In that late 2003 story I explained how I set up 802.1q on the FreeBSD system to pass traffic between VLANs on the Cisco switch. Without that FreeBSD system in place, I needed to configure my Cisco 2651XM router to exchange inter-VLAN traffic.
Luckily this Cisco document came to the rescue. The process was fairly simple. I administered the router via console cable, so none of my changes resulted in being locked out of one of the interfaces. I don't recommend letting anyone be able to connect to a Cisco router interface, in any case. (For a great presentation on router security, check out this .pdf of a presentation by Sean Convery and Matthew Franz.)
First I removed the IP address previously assigned to the interface facing the switch:
int fa0/1
no ip address 192.168.40.2 255.255.255.0
Next I created an IP address to handle VLAN 10, which is a 10.10.10.0/24 network. Note the use of '0/1.1' instead of '0/1':
int fa0/1.1
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.0
Then I created an IP address to handle VLAN 20, which is a 172.27.20.0/24 network. Note the use of '0/1.2':
int fa0/1.2
encapsulation dot1Q 20
ip address 172.27.20.1 255.255.255.0
That's it. Now if a system on VLAN 10 needs to talk to a system on VLAN 20, the router will pass the traffic.
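With the FreeBSD firewall/gateway gone, the router forwards between the two VLANs unfiltered unless an ACL is applied to the subinterfaces. The following audit script is an added example, not part of the original post: it parses the subinterface configuration and flags missing dot1Q encapsulation, missing inbound ACLs and a leftover IP address on the parent interface. The sample is constructed from the post's commands written out in running-config form.

```python
import ipaddress
import re

# Constructed sample: the post's configuration in running-config form.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 no ip address
!
interface FastEthernet0/1.1
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0/1.2
 encapsulation dot1Q 20
 ip address 172.27.20.1 255.255.255.0
"""

def parse_interfaces(config):
    """Return {interface name: [config lines]} from IOS-style text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith((" ", "\t")) and current:
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit(config):
    """Map each subinterface to its VLAN, subnet and audit findings."""
    blocks, report = parse_interfaces(config), {}
    for name, lines in blocks.items():
        if "." not in name:
            continue  # only subinterfaces carry the per-VLAN gateways
        parent, text, findings = name.split(".")[0], "\n".join(lines), []
        vlan = re.search(r"^encapsulation dot1[qQ] (\d+)", text, re.M)
        addr = re.search(r"^ip address (\S+) (\S+)$", text, re.M)
        if not vlan:
            findings.append("no dot1Q encapsulation")
        if not re.search(r"^ip access-group \S+ in$", text, re.M):
            findings.append("no inbound ACL: inter-VLAN traffic is unfiltered")
        if any(re.match(r"ip address \d", ln) for ln in blocks.get(parent, [])):
            findings.append("parent interface still has an IP address")
        net = ipaddress.ip_interface("/".join(addr.groups())).network if addr else None
        report[name] = {"vlan": int(vlan.group(1)) if vlan else None,
                        "subnet": str(net) if net else None, "findings": findings}
    return report
```

Calling `audit(SAMPLE_CONFIG)` reports both subinterfaces as lacking an inbound ACL, which matches the configuration shown in the post.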