Thanks for your response

Can you tell me in detail?. What I meant is my existing network have default gateway: 172.x.x.4

How can I configure on router so that other servers in the existing network do not need to change the default gateway? And they can also reach others new VLAN network?

You meant that I have to configure the IP 172.x.x.4 (default gateway) on router as secondary IP?

Thanks for your help

Hello ,

Please configure as below in LAN interface

Interface fastethernet 0/1

Ip address 172.10.0.102 255.255.255.0

ip address 172.x.x.4 255.255.255.0 secondary

exit

Hi friend

Can I keep the existing default gateway for other servers with your recommendation of router's configuration?

Thanks and please in detail

Hello,

you have 2 options:

You can shutdown the 172.10.0.4 gateway and add the ip as secondary to the router or change the router ip to 172.10.0.4. In this scenario you have to make sure that the rest of the routing will also work with the router.

Option 2

You have to add a static route in your 172.x.x.4 gateway pointing to the new VLAN via the router interface 172.10.0.102, as long both interfaces (.4 & .102) are on the same subnet this will work.

The following example is for Windows and I assume that the new VLAN is 192.168.10.0 255.255.255.0

-open command prompt as Administrator

-route add 192.168.10.0 mask 255.255.255.0 172.10.0.102 metric 1

You can adjust your command to your specific environment and operating system of the 172.10.0.4 gateway

This is more easy but I have seen PC's loosing route commands for various reasons.

In order to help you further you have to provide me with more details about your environment:

-the existing subnet

-the new subnet

-the rest of subnets or default routes

-how all are accesible

Thanks for your help a lot

However, I cannot delete the existing default gateway: 172.x.x.4. Because we have all servers (100s servers) and users in same network (class B: 172.10.x.x) ==> sorry about this crazy IT lead.

I try to add new subnet to seperate users from the existing network, such as adding 172.16.x.x

If I use router (or Cisco switch), how could I allow the existing network (default gateway 172.x.x.4) connect with the new VLAN subnet (172.16.x.x)

I know how to route them, but the BIG problem is users servers from 172.10.x.x (gateway 172.x.x.4) need to know the IP of router, so that they can reach the new VLAN subnet (172.16.x.x)

Thanks for your help a lot

Hello,

you have to add a Cisco router with 2 ethernet interfaces. 1 ethernet interface will be in the current 172.10.x.x and the other one will be in the new subnet 172.16.x.x

For the new subnet this will be the default gateway.

For the current subnet 172.10.x.x you have to add a static route in your current gateway 172.x.x.4 to tell how to reach the new one, ip route 172.16.0.0 255.255.0.0 172.10.0.2 (where 172.10.0.2 is the ip of the router interface for the current subnet).

-----------------------------------------------------------

If you're going to use a layer 3 switch, you have to create 2 vlans 172.10.x.x and 172.16.x.x, place the users in the vlan that belong and add the static route for the new vlan in your current gateway eg.:

ip route 172.16.0.0 255.255.0.0 172.10.0.2 (where 172.10.0.2 is the ip of the switch vlan interface for the current subnet).

------------------------------------------------------------

Either of way you'll choose to do it, you have the ability to transition the users one by one, until you finish with them.

Last option is to use a router and add 2 ip addresses in one interface (ip address x.x.x.x x.x.x.x secondary) and use the same static route as above, but I don't recommend that.

For more detailed instructions you have to provide me with full details of the subnets and your equipment.

Thanks Panos

Let me draw some:

1/ Our current network: net: 172.10.x.x, netmask: 255.255.0.0    

     + No VLAN

     + Gateway: 172.x.x.4 (this is also internet router --> for user using internet): Cisco ASA

     + Users and 100s servers

2/ My purpose: seperate users from this network

3/ I divided several VLAN subnet, we just choose 01 here for simple: 172.16.192.0, netmask: 255.255.240.0

4/ I can choose either router or switch layer 3 for seperating network, let choose switch L3 for simple

5/ I put users, domain controller (provide DHCP to user), and Cisco ASA router internet (172.x.x.4) in the same switch ==> let call current switch

6/ I added route for both new switch L3 and Cisco ASA:

     + In Cisco ASA, I can ping through the new VLAN subnet (172.16.192.2)

     + In Laptop belong to current network (gateway 172.x.x.4), I cannot ping the (172.16.192.2)

7/ If I add route manually to the Laptop: 172.16.192.0 through 172.10.0.14 ==>  I can ping 172.16.192.2

Mean that it can work but I do not want to add route manually like that way because I have 100s servers in current network, it will be a big mistake

Thanks for your help

Ok it's a bit tricky to make the ASA do your internal routing, the easy way is to

1- change the ip of the ASA to 172.10.0.14 and put the 172.x.x.4 ip to the L3 switch

2- add a static route on L3 switch to allow default route 0.0.0.0 0.0.0.0 172.10.0.14

3- Add a route to the ASA for the new network( probably you've done that but check again)

Hope this helps.

Thanks for your help a lot

I know your refer work well. But the big problem is there are some stupid thing behind the scence of this network. Therefore, I try my best to do not change anythign on it. I want to route all packets from the current network go through my new VLANs.

Do you have any new ideas?

Thanks a lot

Ok,

then try to put the switch on the ASA, define a second internal network with same security level and allow routing between them.