Aug 15, 2011
tom

Share internet connection on router with 1 LAN interface for multiple VLANs

Question

My topology looks like this:

                                                                 <--> VLAN 1
               -------------         --------------------------
Internet <--> | Router / FW | <---> | Switch (VLANs + Subnets) | <--> VLAN 10
               -------------         --------------------------
                                                                 <--> VLAN 192

Currently, I have a m0n0wall firewall/gateway (the router) and a Layer 3 Dell PowerConnect 6200 series (6248) switch.

  • The router's LAN interface has IP 10.10.1.127/22, so for VLAN 10 (10.10.0.0/22) I have an internet connection.
  • Also, I have routing set up between VLANs, so I can ping any computer in any VLAN from any VLAN.

As I understand, I need an interface for each VLAN on the router to be able to give an internet connection to that VLAN. I’ve tried plugging in an additional interface, and I’ve managed to get an internet connection on an additional VLAN (the VLAN I configured the interface on).

Isn’t there any other possibility/routing option to share internet across all VLANs with 1 interface? I may have more than 4 VLANs that need an internet connection. I may run out of PCI slots for that, and it also wastes ports on my switch.

Change router/firewall?

Maybe the router software should be changed? It’s just a regular PC box. The router part is there for NATing, port forwarding and firewalling.

Change topology?

Maybe there is an alternative configuration option – like I could just put that box aside, plug the internet into the switch and just run all traffic to/from the internet through that firewall? What do you call that – routing/firewalling on a stick? Is that possible?

Answer

As you have a layer-3 switch, you can create another VLAN for your internet connection only, which will be connected to your router.

You can then assign members of different VLANs to the internet VLAN for them to have internet access.

Basically setting up inter-vlan routing in your switch via “ip routing”.

The default gateway for the switch would be the router, taking it out to the internet either globally or via a separate VLAN.

Hope that helps
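
An added example, not part of the original answer: once the layer-3 switch routes between the VLANs and defaults to the router, the router also needs a route back to every VLAN subnet via the switch, or replies leave toward the ISP. This Python model builds both routing tables with longest-prefix matching and lists the VLANs whose return traffic would be misrouted. The transit addresses and the subnets for VLAN 1 and VLAN 192 are constructed; only 10.10.0.0/22 for VLAN 10 comes from the question.

```python
import ipaddress

TRANSIT_NET = "172.16.0.0/30"   # constructed: the internet-only VLAN from the answer
TRANSIT_ROUTER = "172.16.0.1"   # constructed: router LAN IP in that VLAN
TRANSIT_SWITCH = "172.16.0.2"   # constructed: switch routed interface in that VLAN
VLAN_SUBNETS = {                # VLAN 10 is from the question; the others are constructed
    1: "192.168.1.0/24",
    10: "10.10.0.0/22",
    192: "192.168.192.0/24",
}

def table(*entries):
    """Build a routing table as a list of (network, next hop) pairs."""
    return [(ipaddress.ip_network(net), hop) for net, hop in entries]

def next_hop(routes, dst):
    """Longest-prefix match, as a router does it; None means no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def switch_table():
    # "ip routing" on the switch: every VLAN subnet is directly connected,
    # and the default route points at the router in the transit VLAN.
    connected = [(net, "connected") for net in VLAN_SUBNETS.values()]
    return table(*connected, (TRANSIT_NET, "connected"), ("0.0.0.0/0", TRANSIT_ROUTER))

def router_table(static_subnets):
    # The router is connected only to the transit VLAN; every other subnet
    # is reachable only through a static route via the switch.
    statics = [(net, TRANSIT_SWITCH) for net in static_subnets]
    return table((TRANSIT_NET, "connected"), ("0.0.0.0/0", "isp"), *statics)

def vlans_without_return_route(static_subnets):
    """VLANs whose replies the router would send to the ISP instead of the switch."""
    router = router_table(static_subnets)
    broken = []
    for vlan, subnet in sorted(VLAN_SUBNETS.items()):
        host = str(next(ipaddress.ip_network(subnet).hosts()))
        if next_hop(router, host) != TRANSIT_SWITCH:
            broken.append(vlan)
    return broken

if __name__ == "__main__":
    print(next_hop(switch_table(), "203.0.113.10"))    # outbound leaves via the router
    print(vlans_without_return_route([]))              # no static routes on the router
    print(vlans_without_return_route(VLAN_SUBNETS.values()))
```

The same list of subnets is what the router's outbound NAT and firewall rules have to cover, since traffic now arrives from source addresses outside its own LAN subnet.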
