Converge two internal LANs

Unanswered Question
Jun 4th, 2007

Hello group,

I'm just getting back into routing after a 5 year absence. I'm looking for some sanity checks and a bit of help:

The goal is to connect two internal LANs using a 2651 then control the traffic with access lists.

I have two 10/100 Ethernet ports on this router set up like so:

Fa 0/0 - 10.0.0.41/23 main production LAN (PLAN)

Fa 0/1 - 10.5.0.1/23 primary and 192.169.0.55/24 secondary on the maintenance LAN (MLAN)

The goal here is to allow controlled communication between the MLAN and the PLAN using access lists. SMTP, some printing, file server access, etc.

Currently the MLAN is addressed using the 192.169.0.0/24 range (a typo by the original net admin). I want to eventually get them to 10.5.0.0/23; therefore I've set up primary and secondary IP addresses on Fa 0/1 so I can transition the addressing gradually whilst still allowing traffic from both subnets to get to the PLAN. Basically I want traffic to move through this router whether you're a 10.5.0.0 or a 192.169.0.0 node.

* Do I need to create an access list between the primary and secondary interface addresses permitting traffic on either range in either direction? I imagine this is how stations with 10 addresses talk to stations with 192 addresses while the addressing is in transition?

* How about getting traffic from Fa 0/1 to the Fa 0/0 interface? Do I need to create access lists for both subnets (10.5.0.0 and 192.169.0.0)? I imagine an access group OUT on the Fa 0/1 interface and an access group IN on the Fa 0/0 interface, but it's been so long since I've done this that I can't remember the rules.

* If I'm simply moving traffic from 0/1 to 0/0, then is a route statement even necessary, since it's traffic between two interfaces on the same router?

I hope I've articulated this well enough for anyone attempting an answer. I can certainly clarify if needed.

TIA

-J

sbilgi Fri, 06/08/2007 - 12:04

I think there is nothing called a secondary interface. The same interface is assigned a secondary address, so you need to create an extended access list pointing inside of Fa/0 for both the networks.
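One way to lay out what the question and the reply describe, as an added example that is not from either poster: both MLAN ranges on Fa0/1 pass through one inbound extended access list, and only replies are allowed back in through Fa0/0. The ACL names, the server addresses and the ports chosen for file and print access are assumptions; no static route appears because both networks are directly connected to the router.

```cisco
! Added example. Hypothetical values: the ACL names and the server
! addresses 10.0.0.25 (mail), 10.0.0.30 (files), 10.0.0.35 (printer).
interface FastEthernet0/0
 description PLAN
 ip address 10.0.0.41 255.255.254.0
 ip access-group PLAN-TO-MLAN in
!
interface FastEthernet0/1
 description MLAN
 ip address 10.5.0.1 255.255.254.0
 ip address 192.169.0.55 255.255.255.0 secondary
 ip access-group MLAN-TO-PLAN in
!
! Inbound on Fa0/1: every packet the router receives from the MLAN is
! checked here, whether its source is in the old or the new range.
! Wildcard masks: /23 = 0.0.1.255, /24 = 0.0.0.255.
ip access-list extended MLAN-TO-PLAN
 remark old and new MLAN ranges reach each other during the transition
 permit ip 10.5.0.0 0.0.1.255 192.169.0.0 0.0.0.255
 permit ip 192.169.0.0 0.0.0.255 10.5.0.0 0.0.1.255
 remark SMTP to the mail server (placeholder address)
 permit tcp 10.5.0.0 0.0.1.255 host 10.0.0.25 eq smtp
 permit tcp 192.169.0.0 0.0.0.255 host 10.0.0.25 eq smtp
 remark SMB to the file server (assumed protocol, placeholder address)
 permit tcp 10.5.0.0 0.0.1.255 host 10.0.0.30 eq 445
 permit tcp 192.169.0.0 0.0.0.255 host 10.0.0.30 eq 445
 remark raw TCP printing (assumed protocol, placeholder address)
 permit tcp 10.5.0.0 0.0.1.255 host 10.0.0.35 eq 9100
 permit tcp 192.169.0.0 0.0.0.255 host 10.0.0.35 eq 9100
 remark log whatever else the MLAN tries to send
 deny ip any any log
!
! Inbound on Fa0/0: only replies to TCP sessions opened from the MLAN.
! "established" matches segments with ACK or RST set; it is a stateless
! check, not connection tracking.
ip access-list extended PLAN-TO-MLAN
 permit tcp 10.0.0.0 0.0.1.255 10.5.0.0 0.0.1.255 established
 permit tcp 10.0.0.0 0.0.1.255 192.169.0.0 0.0.0.255 established
 deny ip any any log
```

Both lists also filter packets addressed to the router itself, so a permit for management access has to come before the final deny if the router is administered over either LAN.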
