I've been reading on untagged subinterfaces and I'm not sure this scenario would even work for what I want to do. Basically I want to segment different two zones coming over the same interface. I usually accomplish this by creating a virtual-router on the core and running cables to different ports. License and hardware limitations prevent it in this scenario.
The basic setup:
ethernet1/1: 18.104.22.168 (WAN IP)
ethernet1/2.10: 10.10.10.1/24 (LAN Zone)
ethernet1/2.99: 10.10.99.1/24 (Guest Zone)
LAN and Guest would not be able to talk. Both zones would NAT to the internet over the same WAN IP.
I know you have to do source NAT with subinterfaces, but will this scenario even work for untagged? Would I need to add an IP address to the base ethernet1/2 and NAT to that? I've tried several different NAT configurations with no success.
@ClintL, is your switch trunking to eth1/1? If so, its egress port or interface is sending traffic with vlan tags and you would need to receive/send that tagged traffic on tagged sub-interfaces. usually, the only interface untagged is the non-sub-interface in your case eth 1/1 where all sub-interfaces carry tagged traffic. If it is not trunking, there would be no way to diff the traffic across the link. the same would go with vWires.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!