Cisco Support Community

New Member

Routing to multiple subnets

Hi,

We have a network setup so that we have a feed coming in from the Internet to our router and the LAN behind our router consists of some webservers configured with a subnet of public IP addresses, our provider is routing packets to this network to our router and then our router routes them to the correct server on the LAN, this works fine.

The issue is that we now need some more IP addresses (for SSL hosted sites on the webservers) and the new block we will get most likely won't continue on from the block we already have. What I'm trying to do is work out how to set up our router so that the LAN has 2 (or more) networks configured so that the servers can listen on both blocks of addresses.

The router we have is a Cisco 861 and in the web interface you can simply set a WAN IP and mask and a LAN (or rather VLAN) IP and mask, this worried me that it wouldn't be possible but after connecting using SSH and checking out some of the Cisco commands I'm starting to think this may be possible with this router?

What I am currently thinking is I simply need to create a new VLAN for each block of IPs we need, is this correct? If so then I've been looking at this but it appears that a VLAN is attached to a particular interface (or interfaces), there are 4 physical LAN ports on this router and it seems a bit wrong that I would have to connect a separate cable to each port with a VLAN on it all going into the same router so they can get to the webserver.

So I guess my question is can I a) have multiple IP addresses/subnets on a single VLAN or b) can I set up multiple VLANs and attach them to a single physical interface?


Thanks for taking the time to read this and I hope my question is clear enough and makes sense.

Tom

19 REPLIES

Re: Routing to multiple subnets

Hi,

Go with option 2 and configure multiple vlans on the router interface connecting inwards towards the LAN using subinterfaces. Check out the link below for inter-vlan routing using the Router on a Stick concept.

Hope this will help on your query

http://www.cisco.com/en/US/docs/switches/lan/catalyst5000/hybrid/routing.html

Regards

Ganesh.H

New Member

Re: Routing to multiple subnets

Thank you very much for your reply, it was the answer I was hoping for and looking at that link I can see the model for exactly what I am trying to create. I've been hacking away at the router console and I seem to have got the hang of vlans however I can't for the life of me work out how to create subinterfaces, I've tried commands such as

interface fastethernet 1.1

and unless I use 1.0 I get the following message back

% Invalid input detected at '^' marker

(the ^ is pointing at the f in fastethernet)

If I type "interface fastethernet" and hit ? I get a message saying I can basically type 0-4, it's making me wonder if this is possible in the router.


I don't suppose you know how you do this in the 861 router or better still know where I can find a reference for the commands for this particular router?

Thanks again for your reply, your help is really appreciated!

Tom

Re: Routing to multiple subnets

The fastethernet ports are layer 2 ports.

I'm not sure if you'll be able to create two vlans on the router. If this is true, you'll have to work with a secondary IP.

New Member

Re: Routing to multiple subnets

Please excuse me Davy, I'm feeling dense and confused about all of this. What do you mean I'd need 2 IP addresses, I'm already expecting the router to have an IP on each of the subnets I'd be configuring on the LAN, the issue is I'd like it so that the 1 physical interface on the router can send/receive packets on both networks rather than have 2 cables running from the router to the switch. Surely that should be possible?

Re: Routing to multiple subnets

How is your fastethernet port in use configured?

As a regular L2 port and a VLAN interface with 1 IP address, serving as default gateway for your servers?

New Member

Re: Routing to multiple subnets

Yes, that appears to be the way it is working right now.

Re: Routing to multiple subnets

There's a big chance that you can use only 1 vlan for all your fastethernet ports. Or that you're able to create only one L3 vlan interface.

interface vlan 1

ip add "Def gateway" SM

ip add "Def gateway2" SM secondary

if that's the case you'll be limited to one vlan and 2 subnets.

Unless you've a layer3 switch before the router? (3750/3560/3550/...)

New Member

Re: Routing to multiple subnets

Hmm, it lets me create multiple vlans but you're saying that I can only attach 1 vlan to a fastethernet port?

If this is true I could potentially create a vlan for each fastethernet port and then plug them all into the same switch right? This isn't ideal and I'd probably return this router and go for a different option (any suggestions on models to look at which are capable of this behaviour?) but I'm just trying to get a picture of what is going on in my mind.

Thanks for all your help so far!

Re: Routing to multiple subnets

Which type of model of switch is connected to your router?

What is used as default gateway for your servers?

interface vlan x on the router?

If yes, are you able to create a second VTI (interface vlan y)

New Member

Re: Routing to multiple subnets

I don't remember the make/model of the switch, it's nothing clever or complicated and has no management interface, it's just a small gigabit ethernet switch.

The default gateway on the servers is indeed the IP address of vlan1 on the router, I can create a vlan y but I don't know what to do with it, presumably I attach it to an interface but because I don't seem to be able to attach it to the same interface that vlan1 is attached to that would mean I'd have to connect up another port on a different interface?

The sub interface seems like the right thing (it looks similar to setting up ethernet aliases on linux?) but I just don't seem to be able to get this router to play the game.

Re: Routing to multiple subnets

What to do with the 'authentication required' server fed.cisco.com: etc???

Subinterfaces work only on physical layer 3 interfaces. The fastethernet ports are layer 2 ports.

For each vlan/subnet you require a default gateway at a Layer 3 device which has routing intelligence (eg. default route,...).

As you can't work with subinterfaces, you've to work with vlan interfaces.

vlan 1 has a corresponding layer 3 interface : interface vlan 1

vlan 2 has a corresponding layer 3 interface : interface vlan 2

etc.

which could be used as default gateway.

=the same as subinterfaces but in software. Via a trunk link the port has to be connected with the other switch.

BUT

In the first place I don't think you'll be able to create an extra vlan interface (interface vlan x). If you could try? (eg. interface vlan 2)

As your switch probably even won't recognize different vlans, I think you're limited to 1 VLAN and two subnets via secondary IP address. => won't understand dot1Q.

Or you've to put each port in a vlan with a dedicated cable connecting to the '1 vlan switch'. (if you can create multiple vlan interfaces)

Suppose if subinterfaces would work. You'll require a dot1Q link (vlan tagging) which is not compatible with your switch's capabilities

New Member

Re: Routing to multiple subnets

I can create an extra vlan, it has no problem doing that, the problem is getting both vlans attached to a single physical interface (I'm still not sure if I'm understanding this properly).

Purple

Re: Routing to multiple subnets

If your switch is an unmanaged switch, your only option will be to create a single vlan with a secondary address, as unmanaged switches have no trunking capability.

Re: Routing to multiple subnets

Indeed as I said,

interface vlan 1

ip address x.x.x.x y.y.y.y (=default gateway for first subnet)

ip address z.z.z.z a.a.a.a secondary (=default gateway for second subnet)

=actually 1 vlan, serving two subnets.

Beside the non-trunking capability I think also you're not able to create a second vlan INTERFACE.

New Member

Re: Routing to multiple subnets

Thanks for your help so far, I've now been talking to the network expert at Insight and he's led me to the conclusion (as I expected) that this router simply isn't made for this purpose so we're now talking about the possibility of using a Cisco 1941 router plugged into a managed switch (Cisco 2960 or HP 2610).

Now the guy I've been speaking to has said that we'd create a VLAN for each network then configure the switch with each of these VLANs, however from my understanding each VLAN (say for example we have the blocks 210.210.210.160/27 and 222.222.222.160/27) would be assigned to its own block of ports on the switch (e.g. 210.210.210.x on ports 1-8 and 222.222.222.x on ports 9-16) is this correct? If so this brings me back to the same problem, if I have a server running VMware with a virtual machine with a virtual network adapter configured with an address on the 210.210.210.x network and a second virtual machine configured on the 222.222.222.x network then I'm going to need 2 interfaces on the VMware server connected to the 2 different ports on the switch?

What would be better would be if I could configure the router/switch so traffic to 210.210.210.x or 222.222.222.x goes to port 1-16 (or whatever) on the router then I can use a single cable to the vmware server hosting clients on either network, does anyone know if this would be possible before I order this equipment?

Many many thanks!

Hall of Fame Super Blue

Re: Routing to multiple subnets

Tom

The datasheet on the 860 routers clearly states that it supports 2 vlans and 802.1q. Have you tried

1) creating 2 L3 vlan interfaces

2) configuring the port connecting to the switch as a trunk link. Note that the switch end would also have to be a trunk and the switch would need to be 802.1q capable

The above aside, your new solution, if the VMware server uses one NIC then you simply configure the port on the switch as a trunk link and then the link can carry traffic for both vlans. A 2960 switch is certainly capable of trunking so there should be no problems there and you can create subinterfaces on the 1941 for each vlan.

Without wishing to confuse the issue, note that subinterfaces on a router is really a sub-optimal solution. This is what L3 switches were designed for. So you may want to talk to your network guy at Insight and compare the pros and cons of

1) 1941 with 2960 switch using subinterfaces

2) existing 860 router with L3 switch such as 3560 switch. A L3 switch does not need to use subinterfaces at all.

To be honest it's a long time since I have priced up Cisco kit and there may be other considerations that have led the Insight guy to recommend the 1941 but it may be worth having a discussion about it.

But yes, a 1941 + 2960 switch would do what you want.

Jon
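
The 1941 + 2960 layout described in the reply above, written out as an added example (not part of the original posts, and not configuration supplied by any poster). It uses the two example blocks from the question; the VLAN IDs 10 and 20, the interface names, and the choice of .161 as each gateway address are assumptions.

```cisco
! Added example. VLAN IDs, interface names and gateway host
! addresses are assumptions; the /27 blocks are the ones quoted
! in the question.
!
! --- Cisco 1941: one physical port, one subinterface per VLAN ---
interface GigabitEthernet0/1
 description Trunk to 2960
 no ip address
 no shutdown
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 210.210.210.161 255.255.255.224
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 222.222.222.161 255.255.255.224
!
! --- Catalyst 2960 ---
vlan 10
 name WEB-BLOCK-A
vlan 20
 name WEB-BLOCK-B
!
interface GigabitEthernet0/1
 description Uplink to 1941
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface GigabitEthernet0/2
 description VMware host, single NIC carrying both VLANs
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
 spanning-tree portfast trunk
!
interface GigabitEthernet0/3
 description Server that only needs the first block
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
```

Pinning the allowed VLAN list and disabling trunk negotiation on the server-facing ports keeps a host from seeing or joining VLANs it was never meant to reach; the virtual switch on the VMware host then has to tag each port group with the matching VLAN ID.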

New Member

Re: Routing to multiple subnets

Jon,

Thank you very very much for your reply, I think you've almost completely solved this for me now but I have 1 last question.

You say the L2 & subinterface solution is sub-optimal, am I right in thinking it's only sub-optimal when it comes to communication between 2 networks on the trunk (because a packet will have to go from the server to the switch to the router back to the switch back to the server) or are there other noticeable performance hits? The reason I ask is because this will never (well at most very rarely) happen and in which case this is probably the solution for us, however if there are other hits then I think we will fork out the extra for L3.

Thanks again for your reply, I think we have this almost sorted!

Tom

Hall of Fame Super Blue

Re: Routing to multiple subnets

MisterOatScl wrote:

Jon,

Thank you very very much for your reply, I think you've almost completely solved this for me now but I have 1 last question.

You say the L2 & subinterface solution is sub-optimal, am I right in thinking it's only sub-optimal when it comes to communication between 2 networks on the trunk (because a packet will have to go from the server to the switch to the router back to the switch back to the server) or are there other noticeable performance hits? The reason I ask is because this will never (well at most very rarely) happen and in which case this is probably the solution for us, however if there are other hits then I think we will fork out the extra for L3.

Thanks again for your reply, I think we have this almost sorted!

Tom

Tom

The subinterface solution known as "routing-on-a-stick" was a precursor to L3 switches. It was a way to route between vlans when switches only worked at L2. So really if you need to route between multiple vlans the answer is a L3 switch.

It is suboptimal because -

a) the subinterfaces restrict the amount of bandwidth each vlan gets on the physical interface

b) the actual throughput of packets is much lower on a comparable router vs L3 switch because a L3 switch forwards packets at L3 in hardware

If neither of the above are a concern then yes, by all means use the routing-on-a-stick solution.

Jon

New Member

Re: Routing to multiple subnets

Thank you very much, I've got a good understanding of how this all works now and know exactly what kit to get. Thanks for all your help!
