Routing between subnetworks

Answered Question
Jul 20th, 2008

Hi, I want to ask:


We have network 192.168.100.0/24 and now we need to establish a new network 10.10.0.0/16 in the same VLAN.


We need that users from 192.168.100.0 can communicate with network 10.10.0.0 and these two networks will be visible to each other, because we are planning to move users from 192.168... to 10.10....


Infrastructure:


There is a Catalyst 6509 (users are connecting here) with default route to ASA (192.168.200.3) - "ip route 0.0.0.0 0.0.0.0 192.168.200.3".

Then there is a Catalyst 3750 with "ip routing" between VLANs and default route "ip route 0.0.0.0 0.0.0.0 192.168.200.3"


.... between 6509 and 3750 a trunk is enabled....

.... ASA is doing NAT and has a static route to outside for network 192.168.100.0


So how to set up routing that users from 10.10.0.0 can work like users from 192.168.100.0? ....


We can't use VLANs and routing protocols.


Thank you very much.

izackvail Sun, 07/20/2008 - 16:42

Cisco best practice recommends you set up a single subnet per vlan. If you choose to ignore best practice you could probably accomplish this with a secondary ip address on the 192.168.100.0/24 vlan.


interface vlan 1
 ip address 10.10.0.1 255.255.0.0 secondary

tearl42 Sun, 07/20/2008 - 17:36

I agree, it's not best practice but I've done it before using the secondary IP address that Izack mentions above. Word of caution, if you can get out of vlan 1 with that large of a subnet I would do it. Later down the road it will only bring you heartburn. Trust me, I'm cleaning up this kind of a mess right now.


lubosbella Mon, 07/21/2008 - 00:53

Ok, thank you,


so, can you give me advice on what is the best solution/practice?


.... I have users in network 192.168.100.0 but the address space is exhausted for now - so I need to move them to a new network, e.g.: 10.0.0.0.


These networks must work simultaneously, but it is not necessary that users are visible from 10... to 192...., they only must communicate with servers and we can use VLANs.

Ryan Carretta Mon, 07/21/2008 - 02:09

Create a new vlan altogether and route between them.


Nowadays we generally recommend pushing routing down to the access-layer as a best practice, as it eliminates/quarantines instability caused by faulty hosts, STP, etc.

lubosbella Mon, 07/21/2008 - 04:25

Thanks,


if we create a new vlan and route between them, users must be physically connected to the new vlan on the access switch, if I'm right?....but there is a problem because not all endpoints are well documented, so it is a problem to identify which port on the patch panel is assigned to the end user... :(


Maybe there is another possibility, I think - and it is to change the subnet mask - so if network 192.168.100.0/24 is in use now then we can change the mask for this network to 192.168.100.0/21 and the problem will be solved?....users will use addresses 192.168.97-98-99-100-101-102-103.0/21...is this a correct way?


thanks.

izackvail Mon, 07/21/2008 - 05:57

This is really no different than your first solution. You still have multiple subnets on the same vlan. This would still require you to put a secondary ip on the svi for those new subnets. It would also require the gateway to proxy arp for some of the old addresses.


The best possible solution would be to spend the time and get out the toner and wand and document the network. If this is not an option I would tend to go with the first solution where there is a clear division between the old subnet and the new subnet.

lubosbella Mon, 07/21/2008 - 07:42

Maybe I wrote it in a bad way :-).


My opinion is that I will change the mask on all servers and clients. E.g.: the IP address on the ethernet interface for the print server is 192.168.100.5/24 for now. I will change the mask to 192.168.100.5/16. Now we have a client with IP address 192.168.100.6/24 - I think these two devices (client and print server) will communicate. Then I will change all masks in the network and from DHCP redistribute the new mask for clients.


A new client can have IP address 192.168.200.1/16 and have no problem communicating with others with mask /16 (maybe devices with static IP need manual change).


And of course I change masks and IP addresses for NAT, static routing, access lists on ASA.


Is this a good way?...


Thanks.

Correct Answer
izackvail Tue, 07/22/2008 - 05:44

Your hosts don't care what subnet mask the other hosts they are trying to communicate with have. They only care that the other host has an address in the range of their subnetwork. If the address is in their subnetwork they will attempt to arp for it and in this case they would get a reply from the printer as long as it is on the same segment.
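
The on-link decision described in the answer above, worked through for the addresses quoted in the thread. This is an added example, not code from any poster; the function names are made up for illustration, and it models only the sender's "ARP directly or use the gateway" choice, not the switches or the ASA.

```python
import ipaddress

# Addresses and masks quoted in the thread.
PRINT_SERVER = "192.168.100.5/16"   # server after the planned mask change
OLD_CLIENT = "192.168.100.6/24"     # client still on the old mask
NEW_CLIENT = "192.168.200.1/16"     # newly added client


def delivery(src_iface: str, dst_ip: str) -> str:
    """How the sender forwards a packet, judged by the sender's own mask only."""
    network = ipaddress.ip_interface(src_iface).network
    if ipaddress.ip_address(dst_ip) in network:
        return "arp-direct"      # destination looks on-link: ARP for it
    return "via-gateway"         # destination looks off-link: use default gateway


def exchange(a_iface: str, b_iface: str) -> tuple:
    """Forwarding decision in each direction between two hosts on one segment."""
    a_ip = str(ipaddress.ip_interface(a_iface).ip)
    b_ip = str(ipaddress.ip_interface(b_iface).ip)
    return delivery(a_iface, b_ip), delivery(b_iface, a_ip)


def covered_range(iface: str) -> tuple:
    """First and last address of the subnet an address/mask pair belongs to."""
    net = ipaddress.ip_interface(iface).network
    return str(net.network_address), str(net.broadcast_address)


if __name__ == "__main__":
    pairs = [(OLD_CLIENT, PRINT_SERVER), (OLD_CLIENT, NEW_CLIENT),
             (NEW_CLIENT, PRINT_SERVER)]
    for a, b in pairs:
        print(f"{a:>18} <-> {b:<18} {exchange(a, b)}")
    print("192.168.100.0/21 spans", covered_range("192.168.100.0/21"))
```

The second pair is the one to watch while masks are being changed gradually: the /24 client sends toward 192.168.200.1 through its gateway, while the /16 host replies to it directly.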
