You're going to want to use sub-interfaces for both VLANs; use "router on a stick" as your google-fu keywords.
-wil

On Feb 9, 2011, at 2:28 PM, Tim Donahue wrote:

> Sorry for the slightly OT question, but my google-fu can't seem to find a
> definitive answer for this.
>
> We recently replaced our Checkpoint firewall with a Fortigate FW and our
> business requirements have grown for the FW. We need to set up a virtual
> domain with a new network to meet the new requirements, and I want to create
> this using the existing external interface and add a .1q tagged vlan for the
> virtual domain. According to the Fortigate documentation, there should be no
> problem configuring this on the firewall.
>
> The firewall is directly connected to a Cisco 3845 using the built-in gig 0/0
> port. If it is possible, I would like to leave the existing subnet as
> untagged so we don't need to interrupt traffic to the firewall. I would like
> to add the second subnet on a dot1q tagged sub interface. If memory serves
> me correctly, the configuration below should accomplish this but it has been
> quite a while since the last time I worked with a Cisco router.
>
> interface gigabitEthernet 0/0
>  ip address 10.1.10.1 255.255.255.0
> !
> interface gigabitEthernet 0/0.20
>  encapsulation dot1q 20
>  ip address 10.1.20.1 255.255.255.0
> !
>
> In the end, it all boils down to a couple questions.
>
> Can the internal Gigabit interfaces on the 3845 support VLAN tagging, or
> would I need the HWIC-1GE-SFP which states it supports vlan trunking in the
> data sheet?
>
> Do routed interfaces on the 3845 offer the ability to support tagged and
> untagged traffic as configured above?
>
> Thank you,
>
> Tim Donahue
>
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
