My Solution of VLAN Internet Access in College Network Setup

Author: Hassam Fathe Muhammad

Full-Stack Developer | Intern At M.M. | MERN Stack | Founder & Developer of AlphaTech Projects | Let’s connect to scale your business with tech!

📅 Date: July 20, 2025

📌 Project Background

For my 6th Semester Computer Communications & Networking Project (CCN) course, every student was required to choose a networking project to learn practical designing and administration.

I selected “Network Setup for a College” as my project.

🖥️ Design & Architecture

My design focused on two separate campus networks divided into smaller college departments or compartments.

🎯 Objective of My Personal Interest

Setting up VLANs for departmental networks was straightforward, but I had a personal goal:

How can VLANs access the outside world (Internet/WAN)?

As I kept learning network designing and administration, I got familiar with VLANs and configured inter-VLAN routing using dot1Q encapsulation.

The purpose of this article is to share my personal experience and the steps I took to enable internet access for VLANs in my project.

• I created VLANs on the switch level for each department.
• I used Router-on-a-Stick for inter-VLAN routing between different VLANs.

vlan 10 name ADMIN vlan 20 name ACCOUNTS vlan 30 name STUDENTS interface fastEthernet 0/1 switchport mode access switchport access vlan 10 interface fastEthernet 0/2 switchport mode access switchport access vlan 20 interface fastEthernet 0/3 switchport mode access switchport access vlan 30 interface fastEthernet 0/24 switchport mode trunk 

interface fastEthernet 0/0.10 encapsulation dot1Q 10 ip address 192.168.10.1 255.255.255.0 interface fastEthernet 0/0.20 encapsulation dot1Q 20 ip address 192.168.20.1 255.255.255.0 interface fastEthernet 0/0.30 encapsulation dot1Q 30 ip address 192.168.30.1 255.255.255.0 interface fastEthernet 0/0 no shutdown 

⚠️ Challenge Faced

The problem began when I needed to route some of my traffic, for example public network requests and another central server that could be somewhere else on the internet or WAN side.

🧪 First Method That I Tried — OSPF (IGP) to Route Public IP Traffic

I attempted to use OSPF (IGP) to route public IP requests to an ISP Edge Router.

❗ Main Misconception & Realization

This approach failed because:

• The Router-on-Stick was not able to reach the next router due to missing NAT configuration.
• I had connected my Stick Router to another router which was NAT-enabled but:
  • The public IP Web Server Requests originated from VLAN PCs.
  • Those PCs needed NAT on the stick router itself.
  • Access Lists (ACLs) were required to allow VLAN networks to reach the WAN.

👉 I mistakenly restricted the Stick Router to VLAN routing only, without NAT setup.

💭 Lessons After Failing Initially

Even after using AI tools and guidance, I couldn’t fix it.

This made me question:

"Are VLANs even allowed to access WAN or public IP?"

But I reminded myself:

“Internet access is a basic need for any network setup!”

📹 How I Finally Solved It

After failing multiple times, I searched YouTube for help. I found a clear explanation video that solved my problem.

The main takeaway was:

• I needed to enable NAT directly on the Stick Router,

access-list 1 permit 192.168.10.0 0.0.0.255 access-list 1 permit 192.168.20.0 0.0.0.255 access-list 1 permit 192.168.30.0 0.0.0.255 interface fastEthernet 0/1 ip address dhcp ip nat outside interface fastEthernet 0/0.10 ip nat inside interface fastEthernet 0/0.20 ip nat inside interface fastEthernet 0/0.30 ip nat inside ip nat inside source list 1 interface fastEthernet 0/1 overload 

• Configure Access Control Lists (ACL) to allow VLAN traffic to reach the WAN interface,
• The WAN interface had a DHCP-assigned private IP, which could then communicate with the internet using NAT.