Segment a public IP block into multiple smaller blocks

Jun 30th, 2007

I have a requirement to emulate our customer's network in our lab. The customer has three separate WANs coming in and they are used to communicate with the internal servers with different purposes. Now I only have a single WAN handoff from our ISP with enough IPs to cover the requirements. How do I segregate it on a switch to satisfy the emulation?

Hardware: Cisco 6500

Public IP: 64-IP block

Want to:

Segment into 32, 16, and 16 IP blocks;

Each block should have its own gateway and its clients can access the Internet.

I believe this is what ISPs do to provide their customers with different block sizes of IPs. I am knowledgeable on how VLSM works. I am seeking information on how the switch needs to be configured. A sample configuration or an online doc would be greatly appreciated. Please kindly advise.

Paolo Bevilacqua Sat, 06/30/2007 - 10:16


Just configure three VLAN interfaces with mask /27 and /28 carving off the public prefix. If your link to the internet router is not on the 6500, use another subnet / vlan (private address) to connect to it. That's it.

Hope this helps, please rate post if it does!

jackawang Sat, 06/30/2007 - 10:30

Thanks for your prompt response. Here is what I've done--

ISP provided:

64-IP block:

ISP side gateway:

On my Switch:

interface Vlan2
 ip address

interface Vlan3
 ip address

interface Vlan4
 ip address

ip classless
ip route


I have the client gateways set to the IP address of each VLAN (, and Only the clients on VLAN4 can access the Internet. Others show "Destination unreachable" when pinging public IPs. Ports to clients on different VLANs are correctly configured and clients can ping their gateways.

Paolo Bevilacqua Sat, 06/30/2007 - 11:06

Yes. The thing is that the ISP gateway at believes that the whole /26 subnet is directly connected to his interface, which of course is not true. To work around that, make sure that you have "ip proxy-arp" enabled at least on vlan4 interface. Also, do a tracert on the PCs and let's see where it ends.
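
The carve-up and the return-path problem discussed in the replies above, worked through as an added example that is not part of the original thread. The prefix 203.0.113.0/26 and the ISP gateway 203.0.113.62 are constructed sample values, the function names are hypothetical, and placing each VLAN interface on the first host address of its block is an assumption.

```python
import ipaddress

def carve(block, prefix_lengths):
    """Split block into back-to-back subnets, largest first so each stays aligned."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    subnets = []
    for plen in sorted(prefix_lengths):
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(block):
            raise ValueError(f"{net} does not fit inside {block}")
        subnets.append(net)
        cursor = int(net.broadcast_address) + 1
    return subnets

def plan(block, prefix_lengths, isp_gateway):
    """One row per subnet: VLAN interface address/mask and how return traffic arrives.

    The ISP gateway treats the whole block as directly connected, so it ARPs
    for every host in it. Only hosts in the subnet that shares a segment with
    the ISP gateway can answer that ARP themselves; for every other subnet the
    switch has to answer on their behalf (proxy ARP on the uplink VLAN).
    """
    isp_gw = ipaddress.ip_address(isp_gateway)
    rows = []
    for net in carve(block, prefix_lengths):
        hosts = list(net.hosts())
        shares_segment = isp_gw in net
        rows.append({
            "subnet": str(net),
            "svi": str(hosts[0]),          # assumption: first host is the VLAN interface
            "mask": str(net.netmask),      # dotted mask as used in "ip address"
            # usable client addresses: minus the VLAN interface, minus the ISP gateway
            "clients": len(hosts) - 1 - int(shares_segment),
            "needs_proxy_arp": not shares_segment,
        })
    return rows

if __name__ == "__main__":
    # Constructed sample: a 64-address block split into 32 + 16 + 16.
    for row in plan("203.0.113.0/26", [27, 28, 28], "203.0.113.62"):
        path = "proxy ARP on uplink VLAN" if row["needs_proxy_arp"] else "direct ARP"
        print(f'{row["subnet"]:<18} gw {row["svi"]:<13} {row["mask"]:<16} '
              f'{row["clients"]:>2} clients  return path: {path}')
```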

