Cisco Support Community

New Member

ip subnetting

I was having a few questions regarding subnetting and VLSM. I have a router that has one Ethernet interface connected to a PIX firewall and will have a DMZ hanging off of one of the PIX ports. I have an IP range. Now I've been taught that you can only route between subnets and that you can't have IPs of one subnet on more than one interface of a router. So that means that I need to subnet the range given me, and I would like to do that the most efficient way. I only need 2 IPs between the PIX and the router, and the rest of the IPs I would like to have in the DMZ. Also, how many of you guys would suggest using ip subnet-zero? I haven't used it before but know that you can. Since I need to subnet and I can't use the first or last subnet, I need to use a mask of that gives me 4 subnets: 32-39, 40-47, 48-55, 56-63. That gives me two usable subnets. If I use one for the PIX router I will be wasting 4 IPs. If I subnetted that using a /30 address into 48-51, 52-55 then I can't use any IPs because one is the network and the other the broadcast address for that subnet. How can I do this the most efficient way? Does anyone have some insight into this problem? Thanks a lot.

New Member

Re: ip subnetting

I suggest you use ip subnet-zero, there is no reason not to!

if you would have had the range of

then ip subnet-zero might have been a bad idea.

But since you're on .32 to .63, there can be no confusion about .32 being the subnet zero.

subnet zero can become a problem with routers not supporting VLSM but since you have .32 there can be no misunderstanding.

Between your PIX and the router you can use private addressing ( for example) as long as you don't route it anywhere.

Re: ip subnetting

Dividing your IP range into two or eight will waste many addresses. But you can:

for DMZ (if 13 add. is enough)
for PIX - Router conn.
for future use
for future use


Another solution is using another illegal address for PIX - Router. But if you're using a private addressing scheme in your network ( you should be able to use other unused blocks of this network.
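A worked VLSM split of the .32 to .63 range discussed in this thread, as an added example that is not part of any post above. The thread does not show the real prefix, so the documentation block 192.0.2.32/27 is an assumption, as are the function names; the host counts (2 for the PIX-router link, 13 for the DMZ) come from the posts.

```python
import ipaddress

def vlsm_allocate(block, needs):
    """Carve `block` into one subnet per (name, host_count) need.

    Needs are placed largest first so every subnet lands on its natural
    boundary. Returns (plan, spare): name -> subnet, plus unused blocks.
    """
    free = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(needs, key=lambda n: n[1], reverse=True):
        # Smallest subnet holding hosts + network + broadcast addresses.
        prefix = 32 - (hosts + 1).bit_length()
        candidates = [f for f in free if f.prefixlen <= prefix]
        if not candidates:
            raise ValueError(f"no room left for {name} ({hosts} hosts)")
        # Best fit: smallest free block that is big enough, lowest address first.
        parent = max(candidates,
                     key=lambda f: (f.prefixlen, -int(f.network_address)))
        subnet = next(parent.subnets(new_prefix=prefix))
        free.remove(parent)
        if parent != subnet:
            # Whatever is left of the parent goes back to the free pool.
            free.extend(parent.address_exclude(subnet))
        plan[name] = subnet
    return plan, sorted(free)

def describe(subnet):
    """Network, usable range, broadcast and dotted mask for one subnet."""
    hosts = list(subnet.hosts())
    return {
        "network": str(subnet.network_address),
        "first": str(hosts[0]),
        "last": str(hosts[-1]),
        "broadcast": str(subnet.broadcast_address),
        "mask": str(subnet.netmask),
    }

if __name__ == "__main__":
    # Constructed input: documentation prefix standing in for the real range.
    plan, spare = vlsm_allocate("192.0.2.32/27",
                                [("pix-router", 2), ("dmz", 13)])
    for name, subnet in plan.items():
        print(name, subnet, describe(subnet))
    print("spare:", [str(s) for s in spare])
```

The two spare blocks it reports can be kept for later use or assigned to other interfaces.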