
How to create separate subnets in network

mahesh18

Hi all,

I have home network of 2 routers, 3 layer 2 and 1 layer 3 switch.

Right now they all are in 1 network --means same subnet.

how can i create different subnets and make inter vlan routing any ideas

thanks

mahesh

Accepted Solutions

Mahesh

You only have one DHCP pool configured on the 3550 switch -

ip dhcp pool Cisco
   import all
   network 192.168.1.0 255.255.255.0
!

you need one for each vlan subnet so you will need a pool for -

192.168.10.0/24

192.168.20.0/24

192.168.30.0/24

also you don't need this -

ip dhcp excluded-address 192.168.5.2
ip dhcp excluded-address 192.168.5.1

because you are not handing out any IPs from the 192.168.5.0 pool.

In addition for each pool you need to add a default router so your config should look like -

ip dhcp pool vlan10
   import all
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1

ip dhcp pool vlan20
   import all
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1

and one for vlan 30 as well.

If you are not allocating any end devices eg. PCs etc. into vlan 1 then you don't need the Cisco DHCP pool. You only need pools for the vlans you are allocating end devices into.

Your NAT -

You currently have this -

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

you will need to add extra lines for each new address range eg.

access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.5.0 0.0.0.3 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any

etc..

Jon


Reza Sharifi

mahesh18 wrote:

Hi all,

I have home network of 2 routers, 3 layer 2 and 1 layer 3 switch.

Right now they all are in 1 network --means same subnet.

how can i create different subnets and make inter vlan routing any ideas

thanks

mahesh

Hi Mahesh,

The simplest one is to create two different vlans (10 and 20) on the layer 2 switch and, since the layer 2 switch is connected to the layer 3 switch, create a trunk between the 2 switches and add vlan 10 and 20 to it. On the layer 3 switch create 2 SVIs, one for vlan 10 and one for vlan 20. Then connect a PC to each vlan access port on the layer 2 switch and configure one with IP and default gateway for vlan 10 and the other PC for vlan 20. Now you are doing inter vlan routing.

HTH

Reza

Hi reza,

thanks for reply.

so you mean to say that vlan 10 on 1 switch and vlan 20 on other switch?

or you mean to say that vlan 10 and 20 on all 3 layer 2 switches?

right now my router is doing nat and it is connected to isp cable modem.

how will i do natting?

You can do it with 2 switches (one vlan per switch) or both vlans on the same switch. If you use 2 different switches you don't even have to trunk your uplinks since they are just one vlan coming from each switch.

HTH

Reza

Hi Reza

so you mean to say vlan 10 and 20 on each layer 2 switch  then connect these 3 switches as non trunk port and connect it to layer 3 switch?

but how will i do ip addressing right now router is doing the dhcp stuff for 192.168.1.0 network

so can  same router do dhcp for 3 different networks?

thanks

mahesh

Yes, just extend the vlans from all layer-2 switches to the router and create a sub-interface for each vlan on the router and let DHCP assign IPs to all the VLANs.

Reza

mahesh18 wrote:

Hi Reza

so you mean to say vlan 10 and 20 on each layer 2 switch  then connect these 3 switches as non trunk port and connect it to layer 3 switch?

but how will i do ip addressing right now router is doing the dhcp stuff for 192.168.1.0 network

so can  same router do dhcp for 3 different networks?

thanks

mahesh

Mahesh

You can either have a vlan per L2 switch or both vlans on each L2 switch.

You can set up DHCP pools on the 3750 L3 switch for each vlan ie. move it from the router to the 3750 switch.

Natting you need to leave on your router because 3750 switches don't support NAT.

You will need to then have a L3 link between your 3750 and the router eg.

router
=====
LAN interface

int fa0/0
ip address 192.168.5.1 255.255.255.252

L3 switch
=======
interface connecting to router

int gi0/1
no switchport
ip address 192.168.5.2 255.255.255.252

then on the 3750 add a default-route for the internet -

ip route 0.0.0.0 0.0.0.0 192.168.5.1 

Finally on the router you will need to add routes for the vlans on your 3750 switch eg.

ip route <vlan subnet> <subnet mask> 192.168.5.2

etc.. for each vlan on your 3750

Jon
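
Added example, not from any poster in this thread: a Python check of the points Jon makes in the accepted solution at the top (a DHCP pool with a default-router per VLAN subnet, a NAT access-list line per range) and in the reply above (a static route on the router per VLAN). The sample configs are constructed from the thread's addressing; the function names and the assumption that every SVI serves DHCP clients are this example's own, and stanza bodies must be indented as in real `show run` output.

```python
import ipaddress
import re
# Constructed sample configs using the thread's addressing (not the poster's files).
SWITCH_CFG = """\
ip dhcp pool vlan10
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1
ip dhcp pool vlan20
   network 192.168.20.0 255.255.255.0
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
interface Vlan30
 ip address 192.168.30.1 255.255.255.0
"""
ROUTER_CFG = """\
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
ip route 192.168.10.0 255.255.255.0 192.168.5.2
ip route 192.168.20.0 255.255.255.0 192.168.5.2
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"

def stanzas(cfg, header):
    """Return (name, indented body) per top-level stanza; header has one group."""
    return re.findall(rf"^{header}[ \t]*\n((?:[ \t]+.*\n)+)", cfg, re.M)

def net(addr, mask):  # mask may be a netmask or a Cisco wildcard (host) mask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(switch_cfg, router_cfg, acl="101"):
    """List SVI subnets that a DHCP pool, the NAT ACL or a static route misses."""
    pools, findings = {}, []
    for _, body in stanzas(switch_cfg, r"ip dhcp pool (\S+)"):
        n = re.search(rf"network {IP} {IP}", body)
        gw = re.search(rf"default-router {IP}", body)
        if n:
            pools[net(*n.groups())] = gw.group(1) if gw else None
    natted = [net(a, w) for a, w in re.findall(
        rf"^access-list {acl} permit ip {IP} {IP} any", router_cfg, re.M)]
    routed = [net(a, m) for a, m in re.findall(rf"^ip route {IP} {IP} ", router_cfg, re.M)]
    for name, body in stanzas(switch_cfg, r"interface (Vlan\d+)"):
        m = re.search(rf"ip address {IP} {IP}", body)
        if not m:
            continue
        svi = ipaddress.ip_interface("/".join(m.groups()))
        tag = f"{name} {svi.network}"
        if svi.network not in pools:
            findings.append(f"{tag}: no DHCP pool")
        elif pools[svi.network] != str(svi.ip):
            findings.append(f"{tag}: default-router is not {svi.ip}")
        if not any(svi.network.subnet_of(n) for n in natted):
            findings.append(f"{tag}: missing from access-list {acl}")
        if not any(svi.network.subnet_of(n) for n in routed):
            findings.append(f"{tag}: no static route on the router")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SWITCH_CFG, ROUTER_CFG)))
```

A VLAN that carries no end devices needs no pool, so a "no DHCP pool" finding for such a VLAN can be ignored.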

Hi Jon

Thanks for reply

so i can create DHCP pool like this in layer 3 switch

ip dhcp pool Add_Pool
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1

so by giving this pool in layer 3 switch i can have different subnets for example

192.168.5.1

192.168.3.1??

thanks

mahesh

mahesh18 wrote:

Hi Jon

Thanks for reply

so i can create DHCP pool like this in layer 3 switch

ip dhcp pool Add_Pool
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1

so by giving this pool in layer 3 switch i can have different subnets for example

192.168.5.1

192.168.3.1??

thanks

mahesh

Mahesh

Correct. Don't forget to exclude addresses used from the pool eg. the IP address assigned to the L3 vlan interfaces on the 3750 eg.

ip dhcp excluded-address 192.168.5.1

etc..

Jon

mahesh,

Yes, you can have multiple vlan/subnet on a layer-3 switch. As a matter of fact if you have a 24 or 48 port switch you can put each port in a different vlan.

Example:

port 1 vlan 10 ip address 192.168.10.0/24

port 2 vlan 20 ip address 192.168.20.0/24

port 3 vlan 30 ip address 192.168.30.0/24

and so on.

yes, you can configure the DHCP pool on the switch just like the router.

HTH

Reza

Hi,

On layer 3 switch right now i have this config

4/4/4 ms
3550SMI#sh run
Building configuration...

Current configuration : 4656 bytes
!
! Last configuration change at 10:09:40 MST Sat Apr 17 2010 by manveer
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
!
hostname 3550SMI
!
logging buffered informational
no logging console
enable secret 5 $1$V6fq$0aGqXLjuWwT8/d.C7S5qI1
!
username manveer password 7 020201580E0B0D245E1C59495C
no aaa new-model
clock timezone MST -7
clock summer-time MST recurring
ip subnet-zero
ip routing
!
ip dhcp pool Cisco
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.60
!
ip dhcp snooping vlan 1
ip dhcp snooping
!
!
crypto pki trustpoint TP-self-signed-683474304
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-683474304
revocation-check none
rsakeypair TP-self-signed-683474304
!
!
crypto pki certificate chain TP-self-signed-683474304
certificate self-signed 01
  quit
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
ip dhcp snooping trust
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/4
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport mode dynamic desirable
!
interface FastEthernet0/6
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/9
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport mode dynamic desirable
!
interface FastEthernet0/11
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport mode dynamic desirable
!
interface FastEthernet0/13
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 192.168.1.60 255.255.255.0
!
router ospf 10
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
!
router rip
version 2
network 192.168.1.0
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
exec-timeout 60 0
login local
length 500
escape-character 3
line vty 5 15
login
!
ntp clock-period 17180279
ntp server 192.168.1.1
end

so here i can make 2 vlans and assign them IP  as

vlan 10 ip address 192.168.10.0/24

vlan 20 ip address 192.168.20.0/24

vlan 30 ip address 192.168.30.0/24

and also Please check my dhcp config is right for this switch?

many thanks

mahesh

Hi Jon,

Here is config of layer 3 switch

version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
!
hostname 3550SMI
!
logging buffered informational
no logging console
enable secret 5 $1$V6fq$0aGqXLjuWwT8/d.C7S5qI1
!

no aaa new-model
clock timezone MST -7
clock summer-time MST recurring
ip subnet-zero
ip routing
!
ip dhcp pool Cisco
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.60
!
ip dhcp snooping vlan 1
ip dhcp snooping
!
!
crypto pki trustpoint TP-self-signed-683474304
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-683474304
revocation-check none
rsakeypair TP-self-signed-683474304
!
!
crypto pki certificate chain TP-self-signed-683474304
certificate self-signed 01
  quit
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree bpduguard disable
ip dhcp snooping trust
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/3
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/4
switchport access vlan 10
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/5
switchport access vlan 10
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/7
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/8
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/9
switchport access vlan 10
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/10
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/11
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/12
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/13
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/14
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/15
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/16
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/17
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/18
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/19
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/20
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/21
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/22
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/23
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/24
switchport access vlan 30
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 192.168.1.60 255.255.255.0
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
!
interface Vlan30
ip address 192.168.30.1 255.255.255.0
!
router ospf 10
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
!
router rip
version 2
network 192.168.1.0
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
exec-timeout 60 0
login local
length 500
escape-character 3
line vty 5 15
login
!
ntp clock-period 17180281
ntp server 192.168.1.1
end

  so i will connect 2 layer 2 switches to this

so on each layer 2 switch i can make up default vlan 1  and assign ip to that right?

and which default gateway should i assign to layer 2 switches?  vlan 10 or 20  or 30 ip from layer 3?

thanks

mahesh

Mahesh

so i will connect 2 layer 2 switches to this

so on each layer 2 switch i can make up default vlan 1  and assign ip to that right?

and which default gateway should i assign to layer 2 switches?  vlan 10 or 20  or 30 ip from layer 3?

If you use vlan 1 interface on the L2 switches then you need to use the vlan 1 IP address from your L3 switch as the default-gateway on your L2 switches.

Remember on a L2 switch the vlan interface is only used to manage the traffic.

Cisco recommends using a vlan for managing your switches other than vlan 1 and not used by any clients/servers etc.

Jon

Hi Jon,

Sorry for late reply.

so in my layer 2 switch i want to config t vlan 10 and 20 each on both switches

then which IP should i assign to vlan 10 and 20 on layer 2 switch and can i use vlan 10 ip for both gateways  on layer 2 switches

thanks

mahesh

mahesh18 wrote:

Hi Jon,

Sorry for late reply.

so in my layer 2 switch i want to config t vlan 10 and 20 each on both switches

then which IP should i assign to vlan 10 and 20 on layer 2 switch and can i use vlan 10 ip for both gateways  on layer 2 switches

thanks

mahesh

Mahesh

You can have multiple vlans on a L2 switch at L2 but you can only have one L3 vlan interface and this is used for managing the switch. So on your L2 switch you have multiple vlans ie.

if you run this command "sh vlan brief" you should see vlan 10 & 20 and any others you want.

You can only have one L3 vlan interface though. This vlan interface is never used as a default-gateway on PCs/servers etc. The default-gateway for PCs etc. in vlan 10 and 20 will be the respective IP address on the L3 switch for vlan 10 and vlan 20.

For your L2 switch default-gateway, whichever L3 vlan interface you use ie. vlan 1, vlan 10 or vlan 20, then you should set the default-gateway to be the L3 IP address of the same vlan on the L3 switch.

Jon
