7. Small office configuration scenario with VLAN and internet access nr. 1

This scenario focus on:

host separation on appropriate VLAN
fa0/1.3 192.168.3.1/24 vlan 3 Students

.6 192.168.6.1/24 vlan 6 Staff

.9 192.168.9.1/24 vlan 9 Farm

.12 192.168.12.1/24 vlan 12 Admin&Native
inter VLAN communication with router on a stick scenario
interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.3

encapsulation dot1Q 3

ip address 192.168.3.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/1.6

encapsulation dot1Q 6

ip address 192.168.6.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/1.9

encapsulation dot1Q 9

ip address 192.168.9.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/1.12

encapsulation dot1Q 12 native

ip address 192.168.12.1 255.255.255.0

ip access-group ADMIN in
basic admin VLAN security
ip access-list standard ADMIN

permit host 192.168.12.10

interface FastEthernet0/1.12

encapsulation dot1Q 12 native

ip address 192.168.12.1 255.255.255.0

ip access-group ADMIN in
DHCP with first nine excluded address
ip dhcp excluded-address 192.168.3.1 192.168.3.9

ip dhcp excluded-address 192.168.6.1 192.168.6.9

!

ip dhcp pool VLAN3

network 192.168.3.0 255.255.255.0

default-router 192.168.3.1

dns-server 192.168.9.254

ip dhcp pool VLAN6

network 192.168.6.0 255.255.255.0

default-router 192.168.6.1

dns-server 192.168.9.254
DNS server on host in VLAN 9 with IP 192.168.9.254/24
static NAT translation for server
ip nat inside source static 192.168.9.254 200.0.0.1
NAT with overload for private host accessing internet

ip nat inside source list NAT interface Serial0/0/0 overload

ip access-list standard NAT

permit 192.168.3.0 0.0.0.255

permit 192.168.6.0 0.0.0.255

Preconfigured scenario can be obtained from here (PKT 5.2 or above you need).

Topology diagram of descreibed network is on next picture. Host VLAN assignment is marked with configuration description