What would be the best way in going about splitting an existing /22 networking into 4 /24 networks using vlans? the existing network is currently all on vlan1, but we would like to slit it in to 4 vlans, then in the future slit 1 or 2 of those subnets even further by department. our current ip address scheme is 192.168.8.0 /22 all in vlan 1? any help will be appreciated.
Part of the answer to your question is relatively easy and part is relatively difficult. The easy part is how to divide a /22 and create 4 /24s. If your address space is 192.168.8.0/22 then you would create 192.168.8.0/24, 192.168.9.0/24, 192.168.10.0/24, and 192.168.11.0/24. If you wanted to divide one of the subnets further you might take 192.168.9.0/24 and create 192.168.90./25 and 192.168.9.128/25.
The difficult part is how you transition from 1 VLAN to 4 VLANs within the same address space. There are several options that you might consider about how to do this:
- the big issue is that probably there are end stations that will end up in the .9 VLAN but they do not have .9 addresses now (and the same for .10 and .11). If you are running DHCP to assign addresses there a couple of approaches to the conversion and if you are using statically assigned addresses there are some other approaches to consider.
- with DHCP to assign addresses one approach is a phased transition. You would create DHCP scopes for the .9 VLAN, the .10 VLAN, and the .11 VLAN (leaving the .8 as it is for now. You would create the VLAN interfaces for the new VLANs and configure them with ip helper-address so that they would forward DHCP requests to the server. You would then gradually reassign user ports from the original VLAN to the new VLANs.
- or with DHCP you go for one swift total conversion. You would configure a very short lease in the original scope so that as you perform the conversion the original addresses age their lease quickly and will negotiate a new lease quickly. You would then create scopes for the 8, 9, 10, and 11 VLANs. then at the time of the conversion you remove the existing VLAN configuration and configure the new VLANs (including ip helper-address so that they will forward DHCP requests to the DHCP server) and you configure all the user ports into the proper VLAN.
- if you have statically configured addresses I would probably suggest a phased conversion in which you create new VLAN interfaces and you go around accessing end stations, configuring a new address on them, and reconfiguring the user port to assign it to the new VLAN.
Thanks for your response. For starters that is what we want to create, four subnets, 192.168.8.0/24, 192.168.9.0/24, 192.168.10.0/24, and 192.168.11.0/24. We want .8 to be for our servers, .9 for management of our network devices, .10 for clients using dhcp, and .11 to future use.
Like you said the difficult part is transitioning from one VLAN to four VLANs using the same address space. I have attached a diagram of a piece of the network we are working on. It is a flat network with no redundancy, but that?s what they have. There are some statically configured addresses so we most likely do the phased conversion. Also we are thinking of using a different address space something like 192.168.24.0/24, 192.168.25.0/24, 192.168.26.0/24, 192.168.27.0/24. Please take a look at the diagram and let me know where you thing I should place the SVI.
First let me say that I think that there might be some advantage in creating new address spaces to use for the conversion. So I like the idea of 192.168.24.0/24, 192.168.25.0/24, 192.168.26.0/24, and 192.168.27.0/24.
I am not sure that there is a particular "right" answer about where to put the SVI. I could make a case for putting it on the WAN router, since this router is the entry point and exit point for everyone to the outside world. If the WAN router had the SVIs then it could efficiently route all traffic to the proper VLAN. I think that I could also make a case for putting the SVI on R2_R_BB based on it being centrally located within the network.
The SVI probably could work on some other layer 3 switch, but I think that these 2 would be the best choices.
We will be going forth with the new address space. The reason that we can?t place the SVIs on the WAN router is because we have no access to it. It is managed by our parent company. The router that we manage is the GW_3550, it used to be a Cisco 2514 router, but it died so we used a 3550 12T. We use this to route between the segment in the diagram I attached and another segment that we have. Also, the WAN router is only the exit point to our parent company and remote offices; we actually have a firewall that is attached to the ACCESS switch that we use for internet connection. We started putting the SVIs on the R2_BB but ill try to place them in R2_R_BB. Thanks for your suggestions.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...