My Solution of VLAN Internet Access in College Network Setup
Author: Hassam Fathe Muhammad
Full-Stack Developer | Intern At M.M. | MERN Stack | Founder & Developer of AlphaTech Projects | Let’s connect to scale your business with tech!
📅 Date: July 20, 2025
📌 Project Background
For my 6th Semester Computer Communications & Networking Project (CCN) course, every student was required to choose a networking project to learn practical designing and administration.
I selected “Network Setup for a College” as my project.
🖥️ Design & Architecture
My design focused on two separate campus networks divided into smaller college departments or compartments.
🎯 Objective of My Personal Interest
Setting up VLANs for departmental networks was straightforward, but I had a personal goal:
How can VLANs access the outside world (Internet/WAN)?
As I kept learning network designing and administration, I got familiar with VLANs and configured inter-VLAN routing using dot1Q encapsulation.
The purpose of this article is to share my personal experience and the steps I took to enable internet access for VLANs in my project.
- I created VLANs on the switch level for each department.
- I used Router-on-a-Stick for inter-VLAN routing between different VLANs.
vlan 10
name ADMIN
vlan 20
name ACCOUNTS
vlan 30
name STUDENTS
interface fastEthernet 0/1
switchport mode access
switchport access vlan 10
interface fastEthernet 0/2
switchport mode access
switchport access vlan 20
interface fastEthernet 0/3
switchport mode access
switchport access vlan 30
interface fastEthernet 0/24
switchport mode trunk
interface fastEthernet 0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
interface fastEthernet 0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
interface fastEthernet 0/0.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
interface fastEthernet 0/0
no shutdown
⚠️ Challenge Faced
The problem began when I needed to route some of my traffic, for example public network requests and another central server that could be somewhere else on the internet or WAN side.
🧪 First Method That I Tried — OSPF (IGP) to Route Public IP Traffic
I attempted to use OSPF (IGP) to route public IP requests to an ISP Edge Router.
❗ Main Misconception & Realization
This approach failed because:
- The Router-on-Stick was not able to reach the next router due to missing NAT configuration.
- I had connected my Stick Router to another router which was NAT-enabled but:
- The public IP Web Server Requests originated from VLAN PCs.
- Those PCs needed NAT on the stick router itself.
- Access Lists (ACLs) were required to allow VLAN networks to reach the WAN.
👉 I mistakenly restricted the Stick Router to VLAN routing only, without NAT setup.
💭 Lessons After Failing Initially
Even after using AI tools and guidance, I couldn’t fix it.
This made me question:
"Are VLANs even allowed to access WAN or public IP?"
But I reminded myself:
“Internet access is a basic need for any network setup!”
📹 How I Finally Solved It
After failing multiple times, I searched YouTube for help. I found a clear explanation video that solved my problem.
The main takeaway was:
- I needed to enable NAT directly on the Stick Router,
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 permit 192.168.30.0 0.0.0.255
interface fastEthernet 0/1
ip address dhcp
ip nat outside
interface fastEthernet 0/0.10
ip nat inside
interface fastEthernet 0/0.20
ip nat inside
interface fastEthernet 0/0.30
ip nat inside
ip nat inside source list 1 interface fastEthernet 0/1 overload
- Configure Access Control Lists (ACL) to allow VLAN traffic to reach the WAN interface,
- The WAN interface had a DHCP-assigned private IP, which could then communicate with the internet using NAT.
Top comments (0)