12-18-2004 11:36 AM - edited 03-02-2019 08:39 PM
Hello, All!
Have a question: is it possible to make my Catalyst route one kind of packet (defined by ACL 172.16.0.0 0.0.255.255) and switch all other kinds of packets via standard switching based on MAC?
My objective is to migrate hosts from the old addressing scheme (192.168.x.y), based on static assignment and NOT concerned with port, to a new DHCP-based scheme. Since we cannot do it all at the same time, both addressing schemes must exist for some time.
As I see it, this is a smart solution to my objective.
Thanks in advance!!!
12-18-2004 01:43 PM
I don't know whether I fully understand the implications of the question, but I think what you are describing is what a multilayer switch does anyway.
If I understand right, your old network is 192.168.x.y, static assignment, and switched between hosts on that network. Your new network is 172.16.0.0/16, assigned by DHCP. But I presume you want hosts on the new network to talk to each other at layer 2, by MAC address, as is normal. Furthermore, I presume that the old and the new should talk to each other via layer 3; that is also normal.
You need a switch that is capable of routing, so I guess you have a 3550 or something similar.
So, unless I have misunderstood the problem, this is just a case of making a VLAN for the old network (I suppose you are using the default, VLAN 1) and another VLAN for the new (say VLAN 16), and using the routing functions to connect them.
Create two SVI VLAN interfaces, one for the old network, one for the new network, and give them IP addresses. Ensure that the old machines use the VLAN 1 interface as a default gateway. Ensure that the DHCP tells the new machines to use the VLAN 16 interface as default gateway. And it should all work. You will not need any ACLs, as the IP address range of each VLAN is defined by the mask you put on its VLAN interface.
Kevin Dorrell
Luxembourg
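The two-VLAN layout described in the reply above, written out as an IOS configuration sketch. This is an added example, not part of the original posts; the interface addresses, masks, port range, pool name and the choice to run the DHCP server on the switch itself are all assumptions.

```cisco
! Added example. All addresses, masks, port ranges and names are assumed.
ip routing
!
vlan 16
 name NEW-DHCP
!
! Old statically addressed hosts stay in the default VLAN 1
interface Vlan1
 description Gateway for old 192.168.x.y hosts
 ip address 192.168.0.1 255.255.0.0
 no shutdown
!
! New DHCP-addressed hosts
interface Vlan16
 description Gateway for new 172.16.0.0/16 hosts
 ip address 172.16.0.1 255.255.0.0
 no shutdown
!
! Move a port to the new VLAN when its host is migrated
interface range FastEthernet0/1 - 12
 switchport mode access
 switchport access vlan 16
!
! DHCP pool that hands out the VLAN 16 SVI as default gateway
ip dhcp excluded-address 172.16.0.1 172.16.0.10
ip dhcp pool NEW-DHCP
 network 172.16.0.0 255.255.0.0
 default-router 172.16.0.1
```

With both SVIs up, `show ip route` should list the two networks as directly connected.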
12-18-2004 02:42 PM
Kevin, thanks for your answer! You understood almost right.
The old network was totally switched and no routing was available. The only router is a FreeBSD router leading to the Internet via PAT. Because it also has a web server with billing info, I can't just put the server IP address on any SVI on the Catalyst. So, I need exactly switching on the old addressing. Another problem is that in the new scheme I want to assign all available ports into different VLANs and route between them, i.e.:
Int Gig0/0
no switchport
ip add 172.16.0.1 255.255.255.0
Int Gig0/1
no switchport
ip add 172.16.1.1 255.255.255.0
and so on to Gig0/24
So as you see, there is no place for the old net, which is connected to the same switchports.
To Be Continued \/
12-18-2004 03:04 PM
While studying for CCNP, I heard about fallback bridging, created for similar issues: to bridge traffic which can't be routed. But unfortunately this feature was created for bridging some legacy, non-IP traffic. I need similar functionality for part of IP, defined by ACL.
Maybe I need another migration solution, like: no routing for 172.16.x.y at first, all ports will become switchports and all new-scheme clients will share a common broadcast domain.
Any suggestions or comments will be appreciated!
12-18-2004 03:55 PM
Normally, changing the IP addresses network-wide can be accomplished by adding a "SECONDARY" address to the router's LAN interfaces.
For example:
The original address scheme (on the router):
conf t
int fa0/0
 ! host address for the interface (the .0 network address is not accepted here)
 ip addr 172.16.1.1 255.255.255.0
 no shut
end
To add a secondary IP address (another active address block, 192.168.1.0):
conf t
int fa0/0
 ! primary address, for the old hosts
 ip addr 172.16.1.1 255.255.255.0
 ! secondary address, for the new hosts
 ip addr 192.168.1.1 255.255.255.0 SECONDARY
 no shut
end
Hosts with the old address (172.16.1.X) will operate concurrently with hosts running the new addresses (192.168.1.X).
This will allow a lower-stress conversion and doesn't require adding VLANs & VTP configuration.
It is NOT recommended for long-term operation, but is useful for address transitions.
You can have more than one SECONDARY address per interface.
You cannot route and bridge the same protocol with the same interfaces on the same router / L3 switch.
You can route IP and bridge NETBIOS, AppleTalk, and everything that's not IP.
You can set up a Bridge Virtual Interface (BVI) where a group of ports bridge to each other, but route to any other interface or group of ports outside the BVI group.
From your first post, it sounds like SECONDARY addressing will do the trick for you (but pilot it first if you have any doubt).
Good Luck
Scott