3 Replies Latest reply on Jun 20, 2012 7:12 AM by noor

    strategy for isolating networks on separate ports

    mpopkin New Member

      Hi All,


      I have a 3120 router and would like a general idea for how I can share a common WAN for internet access to 3 separate networks, but keep the networks isolated.


      This is to isolate 3 businesses at one location, sharing a single internet connection.





        • Re: strategy for isolating networks on separate ports

          @mpopkin - Thanks for posting your question on the forum!


          There are a couple of ways of doing what you want. Both options require that VLANs be configured for each of the 3 separate networks on the 3120. You will also want to make sure that you enable/create the VLAN interface so that you can assign an IP address for each VLAN. These VLAN IP addresses will be used as the default gateway for each network to get out to the internet. Also, creating these VLAN interfaces will allow you to configure security zones/access-policies for each business. You can also configure the security zones/access-policies to restrict VLANs from accessing each other.


          I wasn't quite sure how the 3 networks would be feeding into the 3120, but I'll go over a couple of options below:


          A.)     Each network will feed into a separate 3120 switchport:

          In this option, you will simply need to assign the switchport to the corresponding VLAN you created.


          B.)     All networks will access the 3120 using a single 3120 switchport:

          In this option, the switchport that is terminating the LAN connection will need to be set up as a trunk port. The switch that is plugging directly into this switchport will also need to be set up as a trunk using 802.1q encapsulation. Configuring the switchport as a trunk will allow for multiple VLANs to traverse the single LAN link to the 3120.


          You may also find the following link helpful. In example 4 on page 40, the guide goes over how to setup QoS for a multi-tenant setup similar to yours. It explains how you can limit the outbound internet connection on a per-tenant basis:

          Configuring QoS in AOS


          Please do not hesitate to let me know if you have any further questions.