- Posts: 7
- Thank you received: 0
Question about Catalyst 2924 Lan Segmentation
- Speedys123
- Topic Author
- Offline
- New Member
Less
More
20 years 7 months ago #3876
by Speedys123
Question about Catalyst 2924 Lan Segmentation was created by Speedys123
Hi there all... I'm looking for some quick help. I'm trying to do something I thought would be fairly simple, but I can't seem to figure out exactly how to make it happen.
Heres a quick description of what I'm trying to do and my system setup. I have a RC cable modem connected to my Cisco 2620 Router. The router gets its IP address from the cable modem through DHCP, and runs NAT/PAT for the connected workstations. The router and six workstations are connected to a Catallyst 2924 switch. I'm looking to run various game servers and a file server on the internet.
Now I know I could/may be able to use port forwarding on the router, but things will work better if I don't I'm sure. So... what I'd like to do is segment the 2924 into two seperate LANS. I'd like to connect the cable modem, the 2620, and the server to say, the 1st three ports. And then connect the workstations to the last 6 ports. The end result would hopefully be that the cable modem assigns DHCP addresses to the 2620 and the server on one LAN. And then the 2620 assigns DHCP addresses and does the NAT work on the other LAN.
This would save me the trouble of having 2 switches running. Is it possible to do this on a 2924?
Heres the show version on the 2924:
show version
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Fri 15-Feb-02 10:14 by antonino
Image text-base: 0x00003000, data-base: 0x00337600
ROM: Bootstrap program is C2900XL boot loader
speedys2924 uptime is 34 minutes
System returned to ROM by power-on
System image file is "flash:c2900XL-c3h2s-mz-120.5-XU.bin"
cisco WS-C2924C-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
Last reset from power-on
Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
24 FastEthernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:02:4B:6D:9B:00
Configuration register is 0xF
speedys2924>
If anyone has any questions, I'd be more than happy to answer. Thanks everyone!
Chris
Heres a quick description of what I'm trying to do and my system setup. I have a RC cable modem connected to my Cisco 2620 Router. The router gets its IP address from the cable modem through DHCP, and runs NAT/PAT for the connected workstations. The router and six workstations are connected to a Catallyst 2924 switch. I'm looking to run various game servers and a file server on the internet.
Now I know I could/may be able to use port forwarding on the router, but things will work better if I don't I'm sure. So... what I'd like to do is segment the 2924 into two seperate LANS. I'd like to connect the cable modem, the 2620, and the server to say, the 1st three ports. And then connect the workstations to the last 6 ports. The end result would hopefully be that the cable modem assigns DHCP addresses to the 2620 and the server on one LAN. And then the 2620 assigns DHCP addresses and does the NAT work on the other LAN.
This would save me the trouble of having 2 switches running. Is it possible to do this on a 2924?
Heres the show version on the 2924:
show version
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Fri 15-Feb-02 10:14 by antonino
Image text-base: 0x00003000, data-base: 0x00337600
ROM: Bootstrap program is C2900XL boot loader
speedys2924 uptime is 34 minutes
System returned to ROM by power-on
System image file is "flash:c2900XL-c3h2s-mz-120.5-XU.bin"
cisco WS-C2924C-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
Last reset from power-on
Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
24 FastEthernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:02:4B:6D:9B:00
Configuration register is 0xF
speedys2924>
If anyone has any questions, I'd be more than happy to answer. Thanks everyone!
Chris
20 years 6 months ago #4270
by n8
Replied by n8 on topic Re: Question about Catalyst 2924 Lan Segmentation
Speedy,
II believe the NAT in your 2620 only 'proxies' your workstation traffic based on outbound connections. There is no way for inbound connections (client connections to a game server) to know which server on your local lan to connect to. All they know is your WAN ip and the port they want to connect to. As far as the rest, it would have to be done by port forwarding on your router.
Regarding seperating your network into two lans. You could associate a handful of ports on your 2924 to vlan 2 (or any number other than 1) and a seperate handful of ports to vlan 3. Anything you plug into vlan 2 would only be accessible by hosts on vlan 2. The only catch is you have to have a router in-between to forward traffic between vlans. I don't see how this could benefit you in any way.
I think the easiest thing you could do is plug your cable modem into your 2620 and connect your 2620 to the 2924 (assuming you need more ports) - if all the 2924 ports are still on vlan 1. Then connect all your servers and workstations to the 2924 (or connect a few to 2620) and give them static IP addresses. 10.0.0.x or whatever. Assign a lan ip to your router (another 10.0.0.x like 10.0.0.1 or whatever) and make that the default gateway on all of your local machines.
Statically assign DNS servers to all your internal hosts.
Now configure port forwarding on the router to forward port TCP/2345 or any other port to the appropriate port on host 10.0.0.x. Do so for all your servers.
Now anyone on the web can hit up your WAN ip (ip assigned by your provider to your router) and hit the forwarded port which will forward to your internal host specified by the configuration in your router.
II believe the NAT in your 2620 only 'proxies' your workstation traffic based on outbound connections. There is no way for inbound connections (client connections to a game server) to know which server on your local lan to connect to. All they know is your WAN ip and the port they want to connect to. As far as the rest, it would have to be done by port forwarding on your router.
Regarding seperating your network into two lans. You could associate a handful of ports on your 2924 to vlan 2 (or any number other than 1) and a seperate handful of ports to vlan 3. Anything you plug into vlan 2 would only be accessible by hosts on vlan 2. The only catch is you have to have a router in-between to forward traffic between vlans. I don't see how this could benefit you in any way.
I think the easiest thing you could do is plug your cable modem into your 2620 and connect your 2620 to the 2924 (assuming you need more ports) - if all the 2924 ports are still on vlan 1. Then connect all your servers and workstations to the 2924 (or connect a few to 2620) and give them static IP addresses. 10.0.0.x or whatever. Assign a lan ip to your router (another 10.0.0.x like 10.0.0.1 or whatever) and make that the default gateway on all of your local machines.
Statically assign DNS servers to all your internal hosts.
Now configure port forwarding on the router to forward port TCP/2345 or any other port to the appropriate port on host 10.0.0.x. Do so for all your servers.
Now anyone on the web can hit up your WAN ip (ip assigned by your provider to your router) and hit the forwarded port which will forward to your internal host specified by the configuration in your router.
Time to create page: 0.113 seconds