VLAN routing setup

ok so i know that when enable inter vlan routing you dont use an IP address on the main ethernet interface and you configure the subinterfaces with ip address's.

Iam looking at implementing VLANs into my actual work, however our router Cisco 1721 has only one ethernet interface which already has an IP address assingned to it, which is our default gateway.

So in this type of setup i would need to have a router with two ethernet interfaces right? one would be the gateway and the other would be used for VLAN purposes.

Is this correct?
thanks

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

darwinism

Typically you run a IP range per VLAN and make the sub-interfaces the default gateways.

mzinz

I think he means that because he only has one Ethernet interface, he can only connect one other network device. The Eth interface is currently leading OUT to his ISP, so he would need another Eth interface to assign sub-ints/VLANS to.

david_r

If that ethernet interface is his default gateway, it is likely connected to his switch. So he just needs to follow mzinz' other post on how to configure router on a stick.

int fast 0/0
no ip address

int fast 0/0.1
encap dot1q 1
ip address (default gateway IP)

int fast 0/0.2
encap dot1q 2
ip address (dfg for vlan2)

etc.

If you want to hang another switch off the 1721, it has 2 WIC slots. Are they both full at the moment? But why would you want to do that?

rakem

yes we only have one ethernet interface that is connected to a switch. Currently our workstation use the ethernet interface as the gateway for internet access.

SO if i create subinterfaces, and assign the IP address of the subint as the default gateway, how do my workstatoions access the internet?

david_r

AFAIK, the same way. Each VLAN will have a different default gateway. If you are NATing, you'll have to add your new networks to your ACL. If you are running public IPs assigned by your ISP, you'll have to subnet what you have or request more space.
Your router is going to have a (likely static) route to the internet. Nothing is going to change with that. It'll still receive traffic from your LAN destined for the internet, check it's routing table and forward it to your ISP. * a gotcha might be if you have your static route's set to exit out an interface as opposed to hit the next hop IP address.

What did you plan to do with 2 ethernet interfaces?

If you hit ciscos website on the 1721, you'll notice they tout the ability of it to do just what you want -- trunk 802.1Q and the 1721 is built as a low cost solution to provide WAN connectivity to a branch office.

Currently our workstation

Did you mean worstations? If you only have one workstation, why would you want to create VLANs? I would never suggest experimenting on production equipment for the fun of it.

rakem

yea of course i meant workstations, we have about 200 of them.

So im just making sure that by entering in the IP address of the subinterface for the default-gateway on my workstationS that they will still be able to access the internet and our remote sites.

david_r

We'd have to see the routing setup on the router but yes, you have the basic idea.

pannupandit

well can we break an ethernet interface into sub-interfaces. I have done it so far on fats ethernet interfaces. If somebody know do tell me also.
thanx

pr3d4t0r

pannupandit wrote:

well can we break an ethernet interface into sub-interfaces. I have done it so far on fats ethernet interfaces. If somebody know do tell me also.
thanx

david's configuration don't work for u?

Danman32

You could have one of your VLANs handle your internet traffic, or add one specifically for that purpose. Then connect your broadband router/firewall/modem to a port on the switch assigned to that VLAN.
On the router, you would have a corresponding subinterface representing that VLAN. The router could use a route of last resort (default gateway) using the IP of the router/firewall/modem going through the correct subinterface.