Segment a public IP block into multiple smaller blocks

Unanswered Question
Jun 30th, 2007

I have a requirement to emulate our customer's network in our lab. The customer has three separate WANs coming in, and they are used to communicate with the internal servers for different purposes. Now I only have a single WAN handoff from our ISP with enough IPs to cover the requirements. How do I segregate it on a switch to satisfy the emulation?


Hardware: Cisco 6500

Public IP: 64-IP block


Want to:

Segment into 32, 16, and 16 IP blocks;

Each block should have its own gateway and its clients can access the Internet.


I believe this is what ISPs do to provide their customers with different block sizes of IPs. I am knowledgeable on how VLSM works. I am seeking information on how the switch needs to be configured. A sample configuration or an online doc would be greatly appreciated. Please kindly advise.

paolo bevilacqua Sat, 06/30/2007 - 10:16

Hi,


Just configure three VLAN interfaces with masks /27 and /28, carving off the public prefix. If your link to the internet router is not on the 6500, use another subnet / VLAN (private address) to connect to it. That's it.


Hope this helps, please rate post if it does!

jackawang Sat, 06/30/2007 - 10:30

Thanks for your prompt response. Here is what I've done--


ISP provided:

64-IP block: 5.5.5.0/26

ISP side gateway: 5.5.5.1


On my Switch:

interface Vlan2
 ip address 5.5.5.33 255.255.255.240
!
interface Vlan3
 ip address 5.5.5.49 255.255.255.240
!
interface Vlan4
 ip address 5.5.5.2 255.255.255.224
!
ip classless
ip route 0.0.0.0 0.0.0.0 5.5.5.1
!


I have the client gateways set to the IP address of each VLAN (5.5.5.2, 5.5.5.33 and 5.5.5.49). Only the clients on VLAN4 can access the Internet. Others show "Destination unreachable" when pinging public IPs. Ports to clients on different VLANs are correctly configured and clients can ping their gateways.


paolo bevilacqua Sat, 06/30/2007 - 11:06

Yes. The thing is that the ISP gateway at 5.5.5.1 believes that the whole /26 subnet is directly connected to its interface, which of course is not true. To work around that, make sure that you have "ip proxy-arp" enabled at least on the vlan4 interface. Also, do a tracert on the PCs and let's see where it ends.
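
Added example (not part of the original thread or either poster's configuration): a Python check of the addressing plan posted above. It validates the /27 + /28 + /28 carve-up and reports which VLANs sit behind the SVI that shares a segment with the ISP gateway, which are the ones that depend on proxy ARP (or on real routes at the ISP). The function name check_plan and the result keys are made up for this illustration.

```python
import ipaddress

# Values taken from the thread: ISP block, ISP-side gateway, and the three SVIs.
ISP_BLOCK = ipaddress.ip_network("5.5.5.0/26")
ISP_GATEWAY = ipaddress.ip_address("5.5.5.1")
SVIS = {
    "Vlan2": ipaddress.ip_interface("5.5.5.33/28"),
    "Vlan3": ipaddress.ip_interface("5.5.5.49/28"),
    "Vlan4": ipaddress.ip_interface("5.5.5.2/27"),
}

def check_plan(block, upstream_gw, svis):
    """Validate a VLSM carve-up and report which subnets rely on proxy ARP."""
    errors = []
    nets = {name: ifc.network for name, ifc in svis.items()}
    for name, net in nets.items():
        if not net.subnet_of(block):
            errors.append(f"{name}: {net} is outside {block}")
        if svis[name].ip in (net.network_address, net.broadcast_address):
            errors.append(f"{name}: {svis[name].ip} is not a usable host address")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                errors.append(f"{a} and {b} overlap")
    # The SVI whose subnet contains the upstream gateway shares its L2 segment.
    transit = [n for n in names if upstream_gw in nets[n]]
    # Assumption stated in the thread: the upstream treats the whole block as
    # directly connected and ARPs for every address in it. Subnets on other
    # VLANs are then reachable only if the transit SVI answers those ARP
    # requests (proxy ARP) or the upstream is given real routes.
    needs_proxy = [n for n in names if n not in transit] if upstream_gw in block else []
    return {"errors": errors, "transit": transit, "needs_proxy_arp": needs_proxy}

if __name__ == "__main__":
    print(check_plan(ISP_BLOCK, ISP_GATEWAY, SVIS))
```
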
