creating a new subnet

Unanswered Question
Dec 4th, 2007

I have a CISCO 2811 router with 2 Gigabit Ethernet ports. One port is used by a firewall, and the other port is for the LAN. Currently, I have a flat network that I want to chnage by putting the servers in my data center on a different subnet. Since I don't have spare port on the router, is it possible to create subinterface (on the ethernet port connected to LAN) and how? What is the best practice?

Thank you much.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Tue, 12/04/2007 - 11:31


Sure you could create sub interfaces. You can connect the spare fe router interface to switch and use dot1q trunk, this is a basic script for a router and switch.

Say you need 2 d networks and repeat principle for other subnets if needed.


interface FastEthernet0/0

Description CONNECTION TO switchport

no ip address

no ip proxy-arp

duplex full

speed 100

interface FastEthernet0/0.2

Description VLAN3

encapsulation dot1Q 2 ( for vlan 2 on switch )

ip address

interface FastEthernet0/0.3

Description VLAN3

encapsulation dot1Q 3 ( for vlan 3 on switch )

ip address

on the switch config something like this:

vlan database

vtp domain test_net

vtp mode transparent

vlan 2 name vlan2

vlan 3 name vlan3

interface fastethernet0/1

Description Trunk to router_2811

switchport mode trunk

no shutdown

[edit] You said you have two Gigabit interfaces? the 2811 I believe have two built int 10/100 FE ports , are you using additional gigabit modules installed on router?



zfernandes Tue, 12/04/2007 - 13:58

I thought about VLANs just like you mentioned. Whats best practice and better design, VLANs or subnetting? I am not sure pros and cons of both ideas.

The 2 gigabit ethernet ports are built-in ports. Is it possible to add an Gigabit ethernet module to the router? There is room for one.

JORGE RODRIGUEZ Tue, 12/04/2007 - 14:59

Zennon, It all depends on size , the cons in doing it this way is you will be spliting the FE ports into logical subnets by which all intervlan routing traffic be routed through that one port, depending on how many servers total hosts you have.. you could place 3750-E and create SVIs, have 3750-E act as access/distribution if you will, crete vlans as well as do intervlan routing for local subnets in 3570, link up switch to FE port using /30 subnet on 2811 and have switch default route pointing to 2811 if using static routing.

There are many ways of doing but normally you want to follow basic model .Check this link at some branch office design example models to get an idea.

Also, the 2811 only have 2 builtin 10/100 FE ports, they are not gigabit ports.

I don't think there is gig-Ethernet modules but Im not sure.. if you have access you could check based on hardware model on this link.. do a check by hardware.



rate any helpful post if it helps

Richard Burts Tue, 12/04/2007 - 15:10


I would like to comment on one aspect of your question. You ask about VLANs and subnetting as if they were different and as if doing one prevented doing the other. In fact VLANs and subnetting go together. When you create multiple VLANs you need multiple subnets. Basically each VLAN requires a unique subnet. (it is not necessarily true that each subnet requires its own VLAN, but it is true that each VLAN requires its own subnet)

Jorge has some good comments about the differences between doing VLANs with a trunk to the router (which would have subinterfaces on the router interface) and which would do inter-vlan routing or the alternative of doing VLANs and using a layer 3 switch to do the inter-vlan routing. But these considerations come after you have made the decision to change from a flat network with only a single VLAN to a network with several VLANs and several subnets.



zfernandes Tue, 12/04/2007 - 16:00

Thanks. My initial intention was to create a seperate subnet for my data center on the 2811 router (core router), but i am running short on FE ports. Here I wouldn't need to use VLANs.

zfernandes Tue, 12/04/2007 - 15:48

Thanks Jorge. Good point; even though I have a small network, i don't want to clog the physical FE port with interlan traffic.


This Discussion