Network Merging (but with only one device shared)

DawidRoszczyk
Level 1

Hello,

 

I have a situation that I don't know how to solve in the best way, and I thought that maybe someone here could help me.

There are two networks:

- Network A, let's call it Audio Network, with 192.168.0.x/24, that is using an SG350 and is managed by me.

- Network B, let's call it Control Network, with 192.168.50.x/24, that is owned by someone else.

I have about 100 devices in network A, one of which (192.168.0.160/24) needs to be controlled from a device in network B (192.168.50.2/24) via TCP/IP on port 10055 (and at the same time I need 192.168.0.160/24 to be able to connect to all my devices in network A on all available ports).

Because there are a lot of unknown devices in network B, I don't want to share all my devices with them (by simply changing to /16 or so), and I need to find a way to "share" only that one device I mentioned. Unfortunately, as it is a closed-infrastructure device, I cannot add any additional network card.

 

What I think about is a simple logic rule:

"If something comes from 192.168.50.2/24 -> send that to 192.168.0.160/24"

and I tried to do that with an ACL or static routing, but I cannot make it work, so maybe someone here has an idea how to solve that?

 

What may also be useful is that I will not have any internet connection on network A, only LAN with static addresses. In network B there will be an internet connection, but the device with 192.168.50.2/24 will also have a static IP address.

 

Thanks in advance,

Dawid

 

1 Reply

Richard Burts
Hall of Fame

Dawid

 

If I am understanding your post correctly you have 2 requirements:

1) A device with address 192.168.0.160 must be able to communicate with all devices in the 192.168.0.0 network.

2) The device at 192.168.0.160 must be controlled by a device at 192.168.50.2 on port 10055.

Number 1) is easy and number 2) will take some work on both networks.

 

1) is easy because you have a single network, and within a single network (192.168.0.0/24) all devices are locally connected. When they want to communicate they just ARP for each other and communicate directly. Communication within the network is the default behavior, and you would have to work pretty hard if you wanted to prevent communication from 192.168.0.160 to some other device in that network.

2) is more of a challenge because now you will be dealing with multiple networks. When you have multiple networks you need some additional things: in particular, you introduce the need for gateways and for packet forwarding logic (routing logic), and you introduce the possibility of establishing policy to control what traffic is allowed.

 

At this point I can make high-level suggestions of what you will need to do. I cannot make detailed suggestions of what you should do because I do not know enough about your environment. Here is what you will need:

- create a new vlan

- configure an SVI for that vlan (interface vlan n)

- choose a new IP network that will be used as a transit network for communication between network A and network B

- configure interface vlan n with an IP from the new transit network

- make sure that IP routing is enabled

- configure a static route to network 192.168.50.2 using the transit network with the address on the peer as the next hop

- configure an access list that will permit traffic from 192.168.50.2 to 192.168.0.160 on port 10055

- apply that acl to your interface on the transit network

 

HTH

Rick
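As an added example (not part of Rick's reply or Dawid's post), the steps above written out as an SG350 configuration. Everything not stated in the thread is an assumption: VLAN 100 as the transit VLAN, 10.255.255.0/30 as the transit network with the SG350 at 10.255.255.1 and the network-B router at 10.255.255.2, port gi1/0/1 as the uplink toward network B, the ACL name CONTROL-IN, and that the SG350 already has an SVI with a 192.168.0.x address on the VLAN that carries network A. The 350-series CLI is close to IOS but not identical (ACEs take wildcard masks, ACLs bind with service-acl), so check each line against the SG350 CLI guide for your firmware before applying it.

```cisco
! Added example, not from the thread. Assumed values: VLAN 100,
! transit 10.255.255.0/30, SG350 = .1, network-B router = .2,
! uplink port gi1/0/1, ACL name CONTROL-IN.
configure terminal
!
! Steps 1-4: transit VLAN, its SVI, and an address from the transit network
vlan database
 vlan 100
 exit
interface vlan 100
 name TRANSIT-TO-NETB
 ip address 10.255.255.1 255.255.255.252
 exit
!
! The port toward network B carries only the transit VLAN (assumed port)
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 100
 exit
!
! Step 5: route between the network-A SVI and the transit SVI
ip routing
!
! Step 6: route to the controlling host via the peer on the transit network.
! A host route is enough here; nothing else in 192.168.50.0/24 needs a path.
ip route 192.168.50.2 255.255.255.255 10.255.255.2
!
! Step 7: permit only TCP from 192.168.50.2 to 192.168.0.160 port 10055.
! 0.0.0.0 is the wildcard for an exact host match; any source port is
! accepted; everything else is dropped by the implicit deny at the end.
ip access-list extended CONTROL-IN
 permit tcp 192.168.50.2 0.0.0.0 any 192.168.0.160 0.0.0.0 10055
 exit
!
! Step 8: bind the ACL inbound on the transit SVI. Replies from .160 to .2
! leave this interface outbound, so they are not subject to this filter.
interface vlan 100
 service-acl input CONTROL-IN
 exit
end
copy running-config startup-config
```

Two things outside the SG350 have to be in place for this to work: 192.168.0.160 must use the SG350's 192.168.0.x SVI address as its default gateway (otherwise its replies to 192.168.50.2 have nowhere to go), and whoever runs network B must add a route for 192.168.0.160/32 with 10.255.255.1 as the next hop. Once both are set, a quick check is to watch the ACE hit counters (show access-lists) while the controller connects: only the permit line should increment, and attempts from any other network-B host to 192.168.0.x should fail.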