Migrating to a new IP Address Range

Unanswered Question
Jun 28th, 2010


Our network is currently using the IP address range.  I want to migrate to a network that will support more than 254 hosts.  I'm thinking about using

Although both networks will be on the same wire, they won't be able to talk to each other unless I implement some sort of routing between them.  We have an ASA5510 as our main firewall, but it won't route between 2 internal networks so I can't use that.  I've got a 3550 switch that will do layer 3 routing.  What would be the best way to set this up?

This is what I was trying to do.  Connect the 3550 to the rest of the network and give that connection an IP address of  Set the IP address for VLAN1 to

interface GigabitEthernet0/1
no switchport
ip address

interface Vlan1
ip address

On my workstation I add a route to the network via  On a computer on the other network make the default gateway.

So far so good.  From my computer I can ping and  From the other computer I can ping and, but I can't seem to ping from one computer to the other from either direction.

Is there a better way of doing this?


David Kirk

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Jon Marshall Tue, 06/29/2010 - 00:55

davidrkirk wrote:


interface GigabitEthernet0/1
no switchport
ip address

interface Vlan1
ip address

Is there a better way of doing this?


David Kirk


A more common approach is to use 2 vlan interfaces ie. on the 3550

int vlan 2

ip address

int vlan 1

ip address

and then assign gi0/1 into vlan 2 ie.

int gi0/1

switchport mode access

switchport access vlan 2

it's not clear where your 192.168.1.x clients are connected.  You would need to create vlan 2 on any other switches and assign your clients into that vlan. This makes things more complicated so personally i would use vlan 1 as the vlan for your 192.168.1.x clients as this is the default vlan and they will already be in that vlan. Then use vlan 2 for your new network.

Finally is a big network. Rather than simply use a bigger network you should keep your 192.168.1.x and have a 192.168.2.x for a new vlan. If you run out of addresses again just add 192.168.3.x etc. That way your vlans which are L2 broadcast domains will not have too many hosts in them.

So for each vlan you need you would have a L3 vlan interface on the 3550 switch. And then on the 3550 switch you should have a default route pointing to your firewall ie.

ip route

On the firewall you would need to add routes for the internal vlans on the 3550 switch eg.

route inside <3559 ip address connecting to firewall>

Note that you don't have to but it is generally better to use a dedicated vlan for the connection between the 3550 and the firewall.

The above would mean all traffic is routed off the 3550 and only sent to the firewall if destined for the internet. This is fine if you do not need to firewall between internal vlans which it sounds like you don't need to. You would need some downtime to set all this up if you use a dedicated vlan for 3550 -> firewall but otherwise you could set it up live if you wanted.

Also when testing make sure the PCs do not have personal firewalls/anti-virus which could block incoming pings.


lamav Tue, 06/29/2010 - 02:26

If you need a larger IP scope to support more hosts, why cant you just change the subnet mask to /23 on the network appliances and the DHCP server's scope configuration? Then have all the clients release their IP address leases and then renew.


davidrkirk Wed, 06/30/2010 - 19:21


Thanks for your reply.  We are a 24 hour business and I was hoping to minimize any downtime.  All the computers I want to move to the new IP address range are in vlan1.  If I create a new vlan for the other IP address range then I'll have to change all our vlan1 ports to the new vlan and as soon as I do that they won't be able to communicate with the other network until they get their new IP address.

What I was hoping to do was have both IP address ranges in vlan1.  I would reduce the DHCP lease time to 1 hour and then delete the existing scope and create a new one for  When the computers try to renew their DHCP lease it would give them an address on the new network and if they need to communicate with a host that hasn't updated it's address yet, it would go via the route on the 3550.  Once all hosts have an address on the new network I would get rid of the routing.

My only problem with this is that in my testing I can't seem to connect to the other network through the 3550 at the moment.  From the 3550 I can ping both my computer on  I can also ping my test laptop on  I just can't ping between the 2 computers.

Both computers have a route to the opposite network via the 3550.  The 3550 knows where each network is, so I assume I don't need to add any routes in there.

Am I doing something wrong?  Does the 3550 know that both ports are connected to the same vlan and refuse to forward packets?


bkccards64 Tue, 09/28/2010 - 19:58

Has IP routing been enabled on the 3550 switch?  (switch(config)# ip routing)

davidrkirk Wed, 09/29/2010 - 17:33

Yes, iprouting is enabled.

I have (mostly) completed the IP address change now.  I ended up using the 3550 as the default gateway for the new IP address range and adding a pfsense box to the network.  The pfsense box had 2 gigabit interfaces, both plugged in to the same network, but with addresses on both subnets.

I changed DHCP to offer addresses on the new network and manually updated all the printers, servers and any other statically assigned hosts.

Now I'm just watching the logs on the default gateway to see what is still trying to connect to an old IP address and then track down the service and reconfigure it.  I'm almost done.  Then I can get rid of the pfsense box.


David Kirk

glen.grant Thu, 09/30/2010 - 02:17

   Use a secondary address on your current  routing setup. Ugly , yes but it would probably work until you get things changed over...OOPs see this is a old thread  ,disregard...


This Discussion