I agree, it's not best practice but I've done it before using the secondary IP address that Izack mentions above. Word of caution, if you can get out of vlan 1 with that large of a subnet I would do it. Later down the road it will only bring you heart burn. Trust me, I'm cleaning up this kind of a mess right now.

Ok, thank you,

so, can you give me an advice what is the best solution/practise ?

.... i have users in network 192.168.100.0 but address space is exhausted for now - so i need to move them to new network f. e.: 10.0.0.0.

This networks must work simultaneous, but it is not necessary that user are visible from 10... to 192...., only must comunicate with servers and we can use VLANs.

Create a new vlan altogether and route between them.

Nowadays we generally recommend pushing routing down to the access-layer as a best practice, as it eliminates/quarantines instability caused by faulty hosts, STP, etc.

Thanks,

if we create new vlan and will route between them users must by physically connected to new vlan on access switch, if i'm right?....but there is problem because not all endpoints are well documented so is problem idetify witch port on patch panel is assigned to end user... :(

Maybe there is other possibility i think - and it is to change subnet mask - so if network 192.168.100.0/24 is in use now then we can change mask for this network to 192.168.100.0/21 and problem we be solved?....users will use adresses 192.168.97-98-99-100-101-102-103.0/21...is this a corret way?

thanks.

This is really no different than your first solution. You still have multiple subnets on the same vlan. This would still require you to put a secondary ip on the svi for those new subnets. It would also require the gateway to proxy arp for some of the old addresses.

The best possible solution would be to spend the time and get out the toner and wand and document the network. If this is not an option I would tend to go with the first solution where there is a clear division between the old subnet and the new subnet.

Maybe i wrote it in bad way :-).

My opinion is that i will change mask on all servers and clients. F.e.: IP address on ethernet interface for print server is 192.168.100.5/24 for now. I will change the mask to 192.168.100.5/16. Now we have client with ip adress 192.168.100.6/24 - i think this two devices (client and print server) will communicate. Then i will change all masks in network and from DHCP redistribute new mask for clients.

New client can have ip address 192.168.200.1/16 and have no problem to comunicate with others with mask /16 (maybe devices with static IP need manual change).

And of couurse i change masks and ip addresess for NAT, static routing,access listss on ASA.

Is this good way?...

Thanks.

?

Thanks you very much.