from your answer:
By default a general port PVID is VLAN 1. And the port should accept all VLAN traffic but as untagged traffic. This is why we run the allowed command with tagged at the end of the command.
akamali
July 10th, 2013 10:00
Thanks for your reply.
To answer your questions:
1. No, we will not use a firewall.
2. The ISP is using Cisco equipment; not sure about the mode.
a. The ISP did not provide any vLAN IDs, therefore I don't expect them to be vLAN aware.
Can you please provide me with more details on this, as I did not really get what you mean by "you will need a two drop coming from the ISP. One for each subnet, and the port settings would be access mode for the VLAN corresponding to the subnet."
Do you mean I should have 2 links, each one going to a port on the switch? I did not understand this well.
Thank you.
Adam
akamali
July 29th, 2013 11:00
Daniel;
I have asked about 15 network administrators online and none of them was able to give me a straight answer. Your answer was the only one that made sense and was logical.
I will work with my ISP on getting vLANs, then I will get a single drop to my switch and set it as Trunk or General mode with tagged VLANs across it.
I may come back for more questions :-)
Thanks
akamali
July 30th, 2013 09:00
Hello Daniel;
Thanks for your response. The ISP is using a Cisco device and agreed to supply me with a vLAN ID.
Here is a summary of what I would be doing. Please correct me if I'm wrong:
1. For the traffic coming from my ISP to my L3 switch:
Set up a general mode port on my L3 switch
console(config)#interface ethernet 1/g24
console(config-if-1/g24)#switchport general pvid # <------ vLAN ID supplied by the ISP.
2. Follow the setups (1, 2, 3 & 4) that you have provided earlier to configure vLANs, add a static route for public traffic & a trunk port for xenserver.
A few unanswered questions:
1. For a general mode port, if I do not specify a vLAN number, will it still pass the traffic like an access port?
2. Is there a limit on how many static routes I can create?
3. If I set up 0.0.0.0 0.0.0.0 192.168.168.168 to forward the traffic to my LAN router, will this conflict with the public vLANs static routes mentioned earlier?
Thank you kindly.
Adam
akamali
July 30th, 2013 12:00
Thanks for the quick reply.
I'm asking too many questions at the same time (I apologize about that). Please ignore question #3 for now and let us focus on question #1.
From your answer:
- ISP single drop to my 6224 switch on port 24
Q1. If I go ahead and set up general mode on port 1/g24 (I have to tag locally created vLANs v10 & v20 instead of the ISP-supplied vLAN ID). (Correct?)
Q2. The command ip route 192.158.13.0 255.255.255.0 192.158.13.1 will forward the traffic from vlan 10 to outside via port 24 because it has vlan 10 tagged. (Correct?)
Thank you kindly.
akamali
July 30th, 2013 14:00
Thank you very much, Daniel, for your detailed answer.
Now I think I got the full picture. Based on your explanation, my L3 switch will be just like an extender to the ISP network.
I will work on getting that done and see what happens.
- To answer your question: yes (it's a data center), and my servers are hosted in a rack.
The project I'm working on is a small public cloud (the firewall will be created inside xenserver as a virtual appliance).
akamali
August 20th, 2013 12:00
Hello Daniel;
I have asked the ISP to assign me a trunk port on their end and I did the same thing on my end, and everything worked beautifully without adding any routes.
ISP ----- > (Trunk Vlan 78) ----- > Switch port 47 ( Trunk Vlan 78) ----> Switch port 15 (Trunk vlan 78) ----> XenServer
Thanks very much for your help :)
Adam