We are using a 16 bit subnet mask in our remote branches.
I don't know exactly why it was done this way other than to reduce to size of the route tables.
Each device is designated by the third octet of the ip address:
Servers = 10.2.10.x/16
Workstations = 10.2.40.x/16
Printers = 10.2.10.x/16
UPS = 10.2.200.x/16
and so on.
All devices are uisng the same default gateway and are in the same VLAN in the branch:
So, the other sites see this site as 10.2.0.0 in the route table.
The branch also has a voice subnet that is in a seperate VLAN and subnet with it's own default gateway:
Phones = 10.242.120.x
DG = 10.242.70.1/16
Both of these are trunked from the switch to the router, and the router is configured with subinterfaces for the two subnets.
My question is regarding the need to add additional subnets in the branch for VMWare.
We need two additional vlans in each branch.
If I go to a 24 bit subnet mask and begin to seperate everything at each branch, in addition to adding the additional vlans, the route tables are going to get much larger.
I am also limited to the number of address combinations I can use to seprate everything and still use the convention that has been established.
Would it be possible to leave the existing devices as they are and add two new vlans with default gateways (subinterfaces) to this site:
VMWare = 10.2.11.0/24
Default gateway = 10.2.11.254/24
VMWare2 = 10.2.21.0/24
Default gateway = 10.2.21.254/24
Is this possible to do without any adverse affects?
ur address 10.2.11.0/24 and 10.2.21.0/24 are still part of your 10.2.0.0 network.
Since there were so many host and u created a small subnet in same network 10.2.0.0.
Ur other network 10.242.120.x/16 is different network.
At layer 2 i dont see any problem but have no idea,have no idea at this moment about layer 3 issues.
Is this possible to do without any adverse affects?
Plenty. In addition the routing device won't allow you to configure 2 different Vlans with overlapping subnets.
If you were to break the subnets while keeping the same Layer2 Vlan, it's possible - but you will find that devices with subnets holding the longest mask will have no reachability to devices residing in other subnets.
My recommendation is to pick another range such as: 10.5.0./24 for instance and build out your new IP scheme from there.
There is noting wrong with that, but is it possible you could us with a rough diagram of how the topology looks like?
"If I go to a 24 bit subnet mask and begin to seperate everything at each branch, in addition to adding the additional vlans, the route tables are going to get much larger."
Don't forget that you can still advertise the 10.2.0.0/16 network to the head office and other branch sites though so the routing tables will really only increase in the branch site. And how many extra routes are we talking about. Even if you created 100 vlans that's still only 100 extra routes which any router can handle.
If you choose to start over as Edison suggested with a completely different subnet range then make sure you plan for the future so and use a summarisable group of class C addresses that can still be advertised as one address to the rest of your network.
Thanks for the reply.
Currently the switch at the site is a 3660 but has a layer 2 only image on it.
The two vlans at the site (all devices are in one vlan, voice is in another)are trunked from the switch and there are subinterfaces on the router etherent interface.
I have another ethernet on the router that I can use.
Would the better choice be to continue to add subinterfaces for the additional vlans/subnets on the ethernet interface, or use the second interface and add the new vlans to it?
I could also put a layer three image on the switch and create SVIs on the 3660 and use the additional etherent interface as the default gateway for the SVIs, SVI being gateway for the new vlan/subnets.
If you use subinterface u r going to use that link for all your vlans. That interface become single point of failure.
Will be better if u can use the other interface.
I recommend going with the 3560 inter-vlan routing. You will use the switch fabric from inter-vlan connectivity which is way much faster than a router LAN connection.
Depends on the 3560 model, you can be looking at 17 to 32 Gbps.
It looks like the 3560 does support layer three.
It is the 3550 that does not, so my switch does have the layer three image on it.
The 3560 comes with IP Base at a minimum which has limited routing support.
Q. What software images does the Cisco Catalyst 3560 Series support?
A. The Cisco Catalyst 3560 Series can be purchased with the IP Base or IP Services licenses pre-installed. The IP Base license (formerly called the Standard Multilayer Image, or SMI) offers advanced QoS, rate limiting, ACLs, and basic static and Routing Information Protocol (RIP) routing functions. The IP Services license (formerly called the Enhanced Multilayer Image, or EMI) provides a richer set of enterprise-class features, including advanced hardware-based IP unicast and IP Multicast routing as well as policy-based routing (PBR). The Advanced IP Services license, although not available as a pre-installed option, upgrades Cisco Catalyst 3560 Series switches to include IPv6 routing and IPv6 ACL support. Upgrade licenses are available to upgrade a switch from the IP Base license to the IP Services license or Advanced IP Services license as well as from the IP Services license to the Advanced IP Service license.
You can find this information at http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5528/prod_qas09186a00801f3d71.html
As Mark has said your'e 3560 will support routing whichever image it has on it. IP Base gives basic routing functionality whereas IP services has the full set.
From memory i recall that IP Base supports EIGRP stub routing and this could be what you need, could be because i'm not clear on what routing protocol you use in your network.
All the local vlans within the branch site will be directly connected on the 3560 so either image would be fine for that.