Subnet Question

mel.farhat
Level 1

I have a subnet 10.xxx.0.1/22 (10.xxx.0.1 to 10.xxx.3.254).

Now I would like to take a portion of the network for some Mac users, 10.xxx.0.1 - 10.xxx.0.126.

How would that look?

2 Replies

David Salazar
Level 1

You can have a network address like 10.x.0.0/22 (10.x.0.0 - 10.x.3.255 -> 1024 IP addresses).

And you can subnet it according to your needs. For example, for Mac users you can use 10.x.0.0/25 (10.x.0.0 - 10.x.0.127).

The other way is to use a private VLAN, where you can use the whole network segment and use community VLANs to segment the network at Layer 2 for Mac users.

Example:

Vlan 100 -> name Primary (Private Vlan - Primary)
Vlan 110 -> name SecMACUsers (Private Vlan - Community)
Vlan 111 -> name OtherUser  (Private Vlan - Community)

And you can assign IP addresses with or without sequence.

I hope this is helpful.
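Added example (not part of the original replies): the /25 split described above, checked with Python's standard ipaddress module. The second octet 20 is a constructed stand-in for the masked value in the thread, and the function name carve is hypothetical.

```python
import ipaddress

# Constructed sample: the thread masks the second octet, 20 is a stand-in.
PARENT = "10.20.0.0/22"


def carve(parent_cidr, first_host, last_host):
    """Return (subnet, leftovers): the smallest aligned subnet of parent_cidr
    whose usable hosts cover first_host..last_host, and the blocks left over."""
    # strict=True rejects a parent written with host bits set (x.x.0.1/22).
    parent = ipaddress.ip_network(parent_cidr, strict=True)
    first = ipaddress.ip_address(first_host)
    last = ipaddress.ip_address(last_host)
    if first > last:
        raise ValueError("first host is above last host")
    if first not in parent or last not in parent:
        raise ValueError("requested range is outside the parent network")
    # Try the longest prefix first and widen until the block fits.
    for prefix in range(30, parent.prefixlen, -1):
        cand = ipaddress.ip_network(f"{first}/{prefix}", strict=False)
        if last not in cand:
            continue
        # Neither end may be the block's network or broadcast address.
        if first == cand.network_address or last == cand.broadcast_address:
            continue
        # address_exclude() yields the CIDR blocks that remain in the parent.
        return cand, sorted(parent.address_exclude(cand))
    raise ValueError("range needs the whole parent network")


if __name__ == "__main__":
    subnet, leftovers = carve(PARENT, "10.20.0.1", "10.20.0.126")
    print("Mac users:", subnet, "usable hosts:", subnet.num_addresses - 2)
    for block in leftovers:
        print("remaining:", block)
```

The leftover blocks are the exact prefixes still free for other VLANs or for ACL entries that must not overlap the new subnet.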

David Salazar
Level 1

Steps for the private VLAN configuration:

1) Create VLANs on Layer 2 and make the specific VLAN mapping.

vlan 200
 name SERVERS-A
 private-vlan primary
 private-vlan association 220-222
!
vlan 220
 name SERVERS-COMMUN-A
 private-vlan community
!
vlan 221
 name SERVERS-COMMUN-B
 private-vlan community
!
vlan 222
 name SERVERS-COMMUN-C
 private-vlan community
!

2) Create the SVI interface (Layer 3).

MBO-SW-01#sh run int vlan 200
Building configuration...

Current configuration : 348 bytes
!
interface Vlan200
 description +++ Vlan Servidores / CPS MBO +++
 ip address 192.168.5.1 255.255.255.0
 private-vlan mapping 220-222
end

SW-01#

3) Configure the network interfaces of the devices for the community VLAN.

SW-01#sh run int g5/12
Building configuration...

Current configuration : 166 bytes
!
interface GigabitEthernet5/12
 description SVR-BL02 LAN
 switchport private-vlan host-association 200 220
 switchport mode private-vlan host
 load-interval 30
end

SW-01#sh run int g5/13
Building configuration...

Current configuration : 166 bytes
!
interface GigabitEthernet5/13
 description SVR-BL03 LAN
 switchport private-vlan host-association 200 220
 switchport mode private-vlan host
 load-interval 30
end

SW-01#sh run int g5/14
Building configuration...

Current configuration : 166 bytes
!
interface GigabitEthernet5/14
 description SVR-BL04 LAN
 switchport private-vlan host-association 200 220
 switchport mode private-vlan host
 load-interval 30
end

This type of setup allows you to save IP addresses, since none are spent on subnetting.

In practice it does not matter whether you assign IP addresses sequentially; what is important is to belong to a community, since the broadcast is limited to those communities.

At the same time, you force all traffic to go to the default gateway, which allows for increased security or control over the network.
