mpopkin
New Contributor

strategy for isolating networks on separate ports

Hi All,

I have a 3120 router and would like a general idea for how I can share a common WAN for internet access to 3 separate networks, but keep the networks isolated.

This is to isolate 3 businesses at one location, sharing a single internet connection.

Thanks!

-mp


Accepted Solutions
Anonymous
Not applicable

Re: strategy for isolating networks on separate ports

@mpopkin - Thanks for posting your question on the forum!

There are a couple of ways of doing what you want. Both options require that VLANs be configured for each of the 3 separate networks on the 3120. You will also want to make sure that you enable/create the VLAN interface so that you can assign an IP address for each VLAN. These VLAN IP addresses will be used as the default gateway for each network to get out to the internet. Also, creating these VLAN interfaces will allow you to configure security zones/access-policies for each business. You can also configure the security zones/access-policies to restrict VLANs from accessing each other.

I wasn't quite sure how the 3 networks would be feeding into the 3120, but I'll go over a couple of options below:

A.)     Each network will feed into a separate 3120 switchport:

In this option, you will simply need to assign the switchport to the corresponding VLAN you created.

B.)     All networks will access the 3120 using a single 3120 switchport:

In this option, the switchport that is terminating the LAN connection will need to be set up as a trunk port. The switch that is plugging directly into this switchport will also need to be set up as a trunk using 802.1q encapsulation. Configuring the switchport as a trunk will allow for multiple VLANs to traverse the single LAN link to the 3120.

You may also find the following link helpful. In example 4 on page 40, the guide goes over how to set up QoS for a multi-tenant setup similar to yours. It explains how you can limit the outbound internet connection on a per-tenant basis:

Configuring QoS in AOS

Please do not hesitate to let me know if you have any further questions.

Thanks,

Noor
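
A vendor-neutral model of the isolation design described in the answer above, added here as an example and not part of the original thread or of ADTRAN's documentation. It is not AOS syntax: the VLAN IDs, subnets, tenant names and the first-match rule model are assumptions, used to check an address plan and the effect of per-tenant policies before configuring the router.

```python
import ipaddress
from itertools import combinations

# Constructed address plan: one VLAN per business; the VLAN interface IP
# is that network's default gateway. All values here are assumptions.
TENANTS = {
    "business-a": {"vlan": 10, "subnet": "192.168.10.0/24", "gateway": "192.168.10.1"},
    "business-b": {"vlan": 20, "subnet": "192.168.20.0/24", "gateway": "192.168.20.1"},
    "business-c": {"vlan": 30, "subnet": "192.168.30.0/24", "gateway": "192.168.30.1"},
}

def validate_plan(tenants):
    """Return a list of problems that would undermine isolation or routing."""
    problems = []
    nets = {n: ipaddress.ip_network(t["subnet"]) for n, t in tenants.items()}
    for name, t in tenants.items():
        if ipaddress.ip_address(t["gateway"]) not in nets[name]:
            problems.append(f"{name}: gateway outside its own subnet")
    for a, b in combinations(tenants, 2):
        if nets[a].overlaps(nets[b]):
            problems.append(f"{a}/{b}: subnets overlap")
        if tenants[a]["vlan"] == tenants[b]["vlan"]:
            problems.append(f"{a}/{b}: same VLAN ID")
    return problems

def build_policy(tenants, name):
    """First-match rules for traffic entering the router from one tenant's VLAN."""
    # Deny every other tenant's subnet (this also covers their gateway IPs)...
    rules = [("deny", ipaddress.ip_network(t["subnet"]))
             for other, t in tenants.items() if other != name]
    # ...then permit everything else, i.e. the shared internet connection.
    rules.append(("permit", ipaddress.ip_network("0.0.0.0/0")))
    return rules

def evaluate(tenants, src, dst):
    """Return (tenant, action) for a packet; unknown sources are dropped."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, t in tenants.items():
        if src_ip in ipaddress.ip_network(t["subnet"]):
            for action, net in build_policy(tenants, name):
                if dst_ip in net:
                    return name, action
    return None, "deny"  # source is not in any tenant subnet
```

The deny rules must come before the catch-all permit; with the order reversed, the permit would match first and the tenants could reach each other through the router.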

mpopkin
New Contributor

Re: strategy for isolating networks on separate ports

Thanks, Noor!

I'll try applying option A. The diagram and description in the QoS doc are also very helpful.

Regards,

-mp

Anonymous
Not applicable

Re: strategy for isolating networks on separate ports

- I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.


Thanks,

Noor