Converge two internal LANs

jon.penrose
Level 1

Hello group,

I'm just getting back into routing after a 5-year absence. I'm looking for some sanity checks and a bit of help:

The goal is to connect two internal LANs using a 2651 then control the traffic with access lists.

I have two 10/100 Ethernet ports on this router set up like so:

Fa 0/0 - 10.0.0.41/23 main production LAN (PLAN)

Fa 0/1 - 10.5.0.1/23 primary and 192.169.0.55/24 secondary on the maintenance LAN (MLAN)

The goal here is to allow controlled communication between the MLAN and the PLAN using access lists: SMTP, some printing, file server access, etc.

Currently the MLAN is addressed using the 192.169.0.0/24 range (a typo by the original net admin). I want to eventually get them to 10.5.0.0/23; therefore I've set up primary and secondary IP addresses on Fa 0/1 so I can transition the addressing gradually whilst still allowing traffic from both subnets to get to the PLAN. Basically I want traffic to move through this router whether you're a 10.5.0.0 or a 192.169.0.0 node.

*Do I need to create an access list between the primary and secondary interface addresses permitting traffic on either range in either direction? I imagine this is how stations with 10 addresses talk to stations with 192 addresses while the addressing is in transition?

*How about getting traffic from Fa 0/1 to the Fa 0/0 interface? Do I need to create access lists for both subnets (10.5.0.0 and 192.169.0.0)? I imagine an access group OUT on the Fa 0/1 interface and an access group IN on the Fa 0/0 interface, but it's been so long since I've done this that I can't remember the rules.

*If I'm simply moving traffic from 0/1 to 0/0, then is a route statement even necessary since it's traffic between two interfaces on the same router?

I hope I've articulated this well enough for anyone attempting an answer. I can certainly clarify if needed.

TIA

-J

1 Reply

sbilgi
Level 5

I think there is nothing called a secondary interface. The same interface is assigned a secondary address, so you need to create an extended access list pointing inside of Fa/0 for both the networks.
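An added example, not configuration posted by either participant: one way to write the filtering discussed in this thread as IOS extended access lists, with both MLAN ranges named explicitly and default-deny toward the PLAN. The ACL names, the server addresses 10.0.1.10 and 10.0.1.20, and the choice of TCP 445 for file and print access are assumptions made for illustration.

```cisco
! Added example. ACL names are hypothetical; 10.0.1.10 (mail) and
! 10.0.1.20 (file/print) are constructed placeholder hosts on the PLAN.
! Both LANs are directly connected, so no static route is required.
!
ip access-list extended MLAN-IN
 remark An inbound ACL also sees packets routed back out the same port,
 remark so hosts on the two MLAN ranges must be allowed to reach each other
 permit ip 10.5.0.0 0.0.1.255 192.169.0.0 0.0.0.255
 permit ip 192.169.0.0 0.0.0.255 10.5.0.0 0.0.1.255
 remark SMTP from either MLAN range to the placeholder mail host
 permit tcp 10.5.0.0 0.0.1.255 host 10.0.1.10 eq smtp
 permit tcp 192.169.0.0 0.0.0.255 host 10.0.1.10 eq smtp
 remark File/print (assumed TCP 445) to the placeholder server
 permit tcp 10.5.0.0 0.0.1.255 host 10.0.1.20 eq 445
 permit tcp 192.169.0.0 0.0.0.255 host 10.0.1.20 eq 445
 remark Log anything else aimed at the PLAN; the implicit deny drops the rest
 deny ip any 10.0.0.0 0.0.1.255 log
!
ip access-list extended PLAN-IN
 remark Only replies to TCP sessions that were opened from the MLAN
 permit tcp 10.0.0.0 0.0.1.255 10.5.0.0 0.0.1.255 established
 permit tcp 10.0.0.0 0.0.1.255 192.169.0.0 0.0.0.255 established
 deny ip 10.0.0.0 0.0.1.255 10.5.0.0 0.0.1.255 log
 deny ip 10.0.0.0 0.0.1.255 192.169.0.0 0.0.0.255 log
 remark Assumption: traffic to the router itself is not restricted here
 permit ip any any
!
interface FastEthernet0/0
 ip address 10.0.0.41 255.255.254.0
 ip access-group PLAN-IN in
!
interface FastEthernet0/1
 ip address 10.5.0.1 255.255.254.0
 ip address 192.169.0.55 255.255.255.0 secondary
 ip access-group MLAN-IN in
```

The `established` keyword matches only TCP segments with ACK or RST set, so any UDP service added to MLAN-IN needs its own return entry in PLAN-IN. The 192.169.0.0/24 lines can be removed once the MLAN has finished moving to 10.5.0.0/23.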
