Vlans vs. network mask

Answered Question
Feb 4th, 2009
User Badges:

Hi,


my scenario:


I have c6509 switch and there are two vlans (10,20) configured.


In Vlan10 is 300 users and vlan5 100 users. IP address for vlan10 is 192.168.100.1/24 and for vlan20 192.168.101.1/24.


Now we changed network mask for clients in vlan10 to 192.168.96.0/21. Of course client with ip address 192.168.102.123/21 cant comunicate with c6509 in vlan10 because there is old mask on interface vlan10. But i cant change mask on vlan10 interface to 192.168.100.1/21 because it is overlaping ip range in vlan20.


So now im searching for same acceptable solution, that will be best and easy.


Thanks.

Correct Answer by Richard Burts about 8 years 3 months ago

Lubos


I am glad that it looks like the configuration of secondary addresses is working. I believe that this can be a workable solution for your issue.


But I agree that the solution with re-addressing so that you keep 2 VLANs and only 2 subnets, with different subnet masks on the subnets is a more preferable solution. With appropriate static routes it should work just fine.


HTH


Rick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Richard Burts Wed, 02/04/2009 - 05:33
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Lubos


The choice of IP addresses and masks does not give you room to grow in either of the VLANs/subnets beyond the 254 useable addresses in each subnet. There is not a way to make the subnet in VLAN 10 larger without overlapping the subnet of VLAN 20. I can see 2 choices for your situation:

- you could re-address the machines in VLAN 20, move them to some other range and make the subnet in VLAN 10 larger as your post indicates.

- you could leave both address ranges in place and you could configure another /24 in VLAN 10 using secondary addressing on the interface. It might look something like this:

interface vlan 10

ip address 192.168.100.1 255.255.255.0

ip address 192.168.102.1 255.255.255.0 secondary


HTH


Rick

lubosbella Wed, 02/04/2009 - 06:40
User Badges:

Thank Rick,


i was thinking about two solutions that you propose me.


1.

- re-adressing ... i can change adresses like this?:


192.168.100.0/22 for hosts in vlan10, ip address for vlan10 will be 192.168.100.1/22 on c6509. (1022 users)


192.168.96.0/23 for hosts in vlan20, IP address for vlan20 will be 192.168.96.1/23 on c6509. (510 users)


address space 192.168.98.0/23 will be free and can be used for future purposes like other vlan, with gateway address 192.168.98.1/23.


But im not sure that user in vlan20, vlan10 and new vlan can communicate if i will have enabled ip routing on catalyst, because mask will be different. Will be?


2.

i think this is not usable because i need more than 510 usable addresses in vlan10 (customer requiered it). Only if i can assign third a fourth address on interface - i dont know if it is possible. And i read that using more than one ip address on one interface is not very advisable from cisco.


So is first solution acceptable?


Thank.

jose.solano Wed, 02/04/2009 - 07:24
User Badges:

Hi,

Firts you must remove the ip addres 192.168.100.1/24 from the interface:


interface fa 0/1

no ip address 192.168.100.1 255.255.255.0


Then add new ip address 192.168.96.1/22, i suggests this mask, you will have up to 512 ip host for the vlan 10,

from the 192.168.96.1 to 192.168.97.254.


interface fa 0/1

ip address 192.168.96.1 255.255.252.0


Tell me if you fix the issue.


Regards


lubosbella Wed, 02/04/2009 - 07:45
User Badges:

Thank Jose,


i think this is possible way, but a bit complicated for me, i think.


All servers are using ip adresses 192.168.100.x. So if i change IP address on vlan10 for 192.168.96.1 i need to reconfigure all servers and connections for them to this new gateway (there is a lot of others suppliers from others companies).


Maybe better to me is to leave ip address 192.168.100.1 on vlan10 interface and change gateways in other vlans, where is no more computers and no servers.


But question is if comunication between vlan10 with mask /22 and vlan20 with mask /23 occur with no problems and all hosts will be visible if i enable ip routing on catalyst?


Thank.

Richard Burts Wed, 02/04/2009 - 08:37
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Lubos


In general it is not a problem to route between subnets that have different size subnet masks. Some routing protocols, like RIPv1, have a problem with subnets in the same major network with different size masks. But any subnet connected on your catalyst can easily route to any other subnet on the catalyst no matter what size the subnet mask. And routing protocols like EIGRP or OSPF can easily handle subnets with different size masks.


In my previous response I suggested a solution with secondary addressing and gave an illustration with a single secondary address. This would have been adequate for the 300 users specified in your original post. If the user has established requirements for more than that you can easily add additional subnets with secondary addressing.


If you (and the users) are willing to re-address all the machines in either VLAN 10 or in VLAN 20 then this would be the more clean and preferred solution. But if re-addressing will be a challenge or if the users are not willing to do that, then the solution with secondary addressing should work.


HTH


Rick

lubosbella Wed, 02/04/2009 - 11:49
User Badges:

Thank Rick,


so i can configure interface vlan10 like that:


ip address 192.168.100.1 255.255.255.0

ip address 192.168.102.1 255.255.255.0 secondary

ip address 192.168.103.1 255.255.255.0 secondary

ip address 192.168.96.1 255.255.255.0 secondary

ip address 192.168.97.1 255.255.255.0 secondary

ip address 192.168.98.1 255.255.255.0 secondary

ip address 192.168.99.1 255.255.255.0 secondary


And default gateway for users on subnet 192.168.102.x will be 192.168.102.1, for 192.168.103.x will be 192.168.103.1 etc. ... ?


If i choose for re-addresing is no problem to have different masks in others vlans as you mentioned - hosts will be visible....but i`m not sure because routig is made by command "ip routing" on catalyst switch 3750 connectted to c6509 ... no rip or ospf is used....


Thank.

Richard Burts Wed, 02/04/2009 - 12:40
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Lubos


Yes you can configure the secondary addresses as you describe and yes the gateways will be as you describe.


In your previous posts you have only talked about a Catalyst 6509. Now you mention that there is 3750 and 6509. But you have not told us what the relationship between them is. Does the 6509 route, does the 3750 route, do they both route? If you can describe more fully how the routing decisions are made then we can address whether different masks on different subnets would be an issue or not.


[edit] in an earlier post you commented:"using more than one ip address on one interface is not very advisable from cisco." It is true that multiple addresses on one interface is not preferred. But in your situation the preferred solution would be to re-address one VLAN or the other and that might be difficult to accomplish. So if the preferred solution is difficult in your case then the solution with secondary addresses may work.




HTH


Rick

lubosbella Thu, 02/05/2009 - 08:48
User Badges:

Hi Rick,


i configure 6509 interface with secondary ip addresses tomorrow. It is working and we are testing it. So thank you very much.


But i want to convict our customer for re-addressing.


So network consist of:

- 6509 ... is doing only static routing - default route to ASA, enabled "ip classless"

- 3750 ... only default route to ASA and enabled "ip routing", enabled "ip classless"

- ASA5520 ... static route to internet


So, do you thing is possible to using different network masks in different vlans, like we were writing before?


Thank.

Correct Answer
Richard Burts Thu, 02/05/2009 - 09:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Lubos


I am glad that it looks like the configuration of secondary addresses is working. I believe that this can be a workable solution for your issue.


But I agree that the solution with re-addressing so that you keep 2 VLANs and only 2 subnets, with different subnet masks on the subnets is a more preferable solution. With appropriate static routes it should work just fine.


HTH


Rick

Actions

This Discussion