Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
371
Views
5
Helpful
2
Replies

IP address for Vlan management over WAN

renee-brown
Level 1
Level 1

‎12-02-2002 01:42 PM - edited ‎03-02-2019 03:18 AM

Our current network is flat, eveyone is in vlan1. I want to implement VLAN assignements on the 3500xl switches. Can you answer the following questions:

1. Setting up the management VLAN300, the main office is using non-public addresses. They did not subnet the addresses , they're using a 255.255.255.0 mask. They want me to use vlan300 which is understandable but gave me a range of 10.100.2.130 through 10.100.2.200 with a 255.255.255.0...SInce we are in different georgraphical locations...Won't routing be confused? Shouldn'r subneting been applied per location?

2. Can anyone explain this configuration.

interface vlan300

ip address 10.100.2.5 255.255.255.0

ip nat outside

!

ip nat inside source list 199 interface vlan300 overload

!

access-list 199 dynamic CLuster-NAT permit ip any any

I don't know what it is doing? Explain please...

Labels:
0 Helpful
2 Replies 2

rlcarr
Level 1
Level 1

‎12-02-2002 02:06 PM

1. You are correct. By them giving you a mask of 255.255.255.0 they have to use the range 10.100.2.1 thru 10.100.2.255 on this Lan only. The range .130 thru .200 doesn't even fall on any bit boundaries for subnetting, the closest is .128 thru .191 with a mask of 255.255.255.192

2. They are 'attempting' to do NAT (Network Address Translation). However, for this to work they need to have another interface that has the command "ip nat inside". Basically, the interface with the 'inside' whenever it talks out (ACL 199 permits ANYbody) the 'outside' interface it would appear to use the 10.100.2.5 (overload) address as its source address.

If this was working properly you can issue a "show ip nat translation" and see which IPs are talking to the "outside".

Hope this helps,

~rlc

CCNP, CCDA, CNE

renee-brown
Level 1
Level 1
In response to rlcarr

‎12-03-2002 02:24 PM

Great, they gave me a new range 190 thru 255....subnetting this would make for a better design. At HQ, on the RSM they have an interface configured with the VLAN300...ip address x.x.x.28 255.255.255.0......

This will create routing problems if at the new network I config

VLAN mgt config is:

VLAN300

ip address x.x.x.193 255.255.255.0 ......I MUST SUBNET, I am correct?

0 Helpful
Customers Also Viewed These Support Documents