3. Internet connection for small office with VLAN

This scenario is an extension of article 1, where we enabled internet access for a simple home or small office network. Our scenarios focus only on proper connectivity, without any access lists that would add local office policy.

For this network to work as expected, you must:

  • configure VTP and VLANs
  • set the STP 802.1D priority (about STP)
  • configure inter-VLAN communication in a router-on-a-stick scenario
  • configure a default route to the ISP and a static route pointing to Branch
  • configure PPP encapsulation on the local loop to the ISP central office
  • set basic access passwords for the network devices in the topology
  • select proper cabling
  • configure end devices with static or DHCP-assigned IP and DNS settings
  • enable and adjust the www, DNS and TFTP services
  • assign addresses from the suggested networks

Training topology (configured PKT 5.2 lab)

The VTP and VLAN configuration on the Staff switch is:

The STP configuration on the Admins and Staff switches is:

   spanning-tree vlan 1,10 priority 24576

   spanning-tree vlan 20,30 priority 28672
 
The appropriate show command issued on the Staff switch confirms the expected root bridge election, port roles and port states.

The router interfaces were configured as listed in the output of Branch#show ip interface brief

The router's running configuration is:
 
hostname Branch
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
! addresses excluded from the DHCP pool
ip dhcp excluded-address 172.16.20.224 172.16.20.254
!
! DHCP pool configuration
ip dhcp pool StaffLAN
 network 172.16.20.0 255.255.255.0
 default-router 172.16.20.254
 dns-server 172.16.10.253
!
! password for the opposite end of the PPP link, used during the CHAP three-way handshake
! (type 0: stored in clear text)
username ISP password 0 pppcisco
!
! the router will not try to resolve mistyped commands as domain names
no ip domain-lookup
!
interface FastEthernet0/0   
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 172.16.20.254 255.255.255.0
 ! mark the interface as inside ("local") for NAT
 ip nat inside
!
! no address is configured on a physical interface that is divided into subinterfaces (router on a stick)
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 ! the native keyword marks the VLAN used for untagged traffic; moved from the default 1 to 10
 encapsulation dot1Q 10 native
 ip address 172.16.10.254 255.255.255.0
 ! mark the interface as inside ("local") for NAT
 ip nat inside
!
interface FastEthernet0/1.30
 encapsulation dot1Q 30
 ip address 172.16.30.254 255.255.255.0
 ! mark the interface as inside ("local") for NAT
 ip nat inside
!
interface Serial0/0/0
 ip address 198.160.130.5 255.255.255.252
 ! PPP encapsulation and CHAP authentication on the link
 encapsulation ppp
 ppp authentication chap
 ! mark the interface as outside for NAT
 ip nat outside
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! PAT: sources matching list Allowed are translated to the Serial0/0/0 address (overload)
ip nat inside source list Allowed interface Serial0/0/0 overload
! static NAT translation so the outside network can reach the inside company web server
ip nat inside source static 172.16.10.253 198.160.130.1
ip classless
! default route used for routing outgoing traffic
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
!
! access list marking the clients allowed for NAT translation
ip access-list standard Allowed
 permit 172.16.10.0 0.0.0.255
 permit 172.16.20.0 0.0.0.255
 permit 172.16.30.0 0.0.0.255
access-list 1 permit 172.16.10.0 0.0.0.255
!
line con 0
 exec-timeout 30 0
 password cisco
 logging synchronous
 login
line vty 0 4
 access-class 1 in
 exec-timeout 30 0
 password cisco
 logging synchronous
 login
!
end
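
The two standard ACLs in the configuration above do different jobs: Allowed selects the sources that get PAT, while access-list 1 (applied with access-class 1 in) limits which sources may open a vty session. The Python sketch below is an added example, not part of the original lab; it evaluates those entries with wildcard-mask matching and the implicit deny. The CONFIG excerpt and the function names are constructed for illustration, and the parser handles only the address-plus-wildcard entry form used on this page.

```python
import ipaddress
import re
# Constructed excerpt: the ACL lines of the Branch configuration shown above.
CONFIG = """\
ip access-list standard Allowed
 permit 172.16.10.0 0.0.0.255
 permit 172.16.20.0 0.0.0.255
 permit 172.16.30.0 0.0.0.255
access-list 1 permit 172.16.10.0 0.0.0.255
"""

ENTRY = re.compile(r"(permit|deny)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)$")

def parse_standard_acls(text):
    """Return {acl_name: [(action, address, wildcard), ...]} in config order."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        named = re.match(r"ip access-list standard (\S+)$", line)
        numbered = re.match(r"access-list (\d+) (.+)$", line)
        if named:                       # start of a named ACL block
            current = named.group(1)
            continue
        if numbered:                    # one-line numbered entry
            name, line, current = numbered.group(1), numbered.group(2), None
        elif raw.startswith(" ") and current:
            name = current              # indented entry of the named block
        else:
            current = None
            continue
        m = ENTRY.match(line)
        if m:
            addr, wild = (int(ipaddress.IPv4Address(x)) for x in m.group(2, 3))
            acls.setdefault(name, []).append((m.group(1), addr, wild))
    return acls

def permitted(acls, name, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for action, addr, wild in acls.get(name, []):
        care = ~wild & 0xFFFFFFFF       # wildcard bit 0 means "must match"
        if (src & care) == (addr & care):
            return action == "permit"
    return False

if __name__ == "__main__":
    acls = parse_standard_acls(CONFIG)
    for host in ("172.16.10.7", "172.16.20.5", "172.16.30.9", "10.0.0.1"):
        print(host, permitted(acls, "Allowed", host), permitted(acls, "1", host))
```

Each printed row shows the host, whether it is eligible for NAT, and whether it may reach the vty lines; only the 172.16.10.0/24 hosts pass both checks.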

The following settings are made on the DNS / www.company.sk server:

DNS records