Re: Two blocks of IPs and one subnet mask

f-gorman · ‎01-07-2004

I have two blocks of IPS and two subnetmask's

64.132.148.48/28

usable 64.132.148.49 <-> 64.132.148.62

netmask 255.255.255.240

second set

64.132.148.64/27

usable 64.132.148.65 <-> 64.132.148.94

netmask 255.255.255.224

In my route e/0 what netmask shuold I be puting in ????

Frank G

h.dziewa · ‎01-07-2004

Well, you could put both of these subnets under a single interface, one as a secondary address.

interface e/0

ip address 64.132.148.94 255.255.255.224

ip address 64.132.148.62 255.255.255.240 secondary

This will allow you to use addresses from both subnets, but you will loose couple IP's and will need

to manage the host assignments properly.

There is no way here to just assign a one subnet mask for both networks, and end up with a merged subnet. You loose 3 addresses all together, one by having second IP assigned to the same interface as well as loosing 2 extra IP's on the network/broadcast addresses. On top of that you might need to enable fast switching on the same interface for cummunication between both subnets to allow for better performance, but it's not required.

The best way to deal with this would be to request an address space of /26 type for example, if possible.

f-gorman · ‎01-07-2004

Here is my delema

Web_#2#sh runn

Building configuration...

Current configuration:

!

version 11.0

no service pad

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezone

service password-encryption

no service udp-small-servers

no service tcp-small-servers

!

hostname Sug_Web_#2

!

clock timezone est -5

clock summer-time edt recurring

enable secret xxxx

!

no ip bootp server

ip subnet-zero

no ip source-route

no ip domain-lookup

!

interface Ethernet0

description internal LAN.DMZ

ip address x.x.x.49 255.255.255.240

no ip directed-broadcast

no ip mroute-cache

!

interface Serial0

description External Internet WAN

ip address x.x.x.170 255.255.255.252

no ip directed-broadcast

no ip mroute-cache

encapsulation ppp

no fair-queue

!

interface Serial1

no ip address

no ip mroute-cache

shutdown

!

ip default-gateway 207.250.82.169

ip classless

ip route 0.0.0.0 0.0.0.0 207.250.82.169

ip route 64.132.148.50 255.255.255.255 64.132.148.62

ip route 64.132.148.51 255.255.255.255 64.132.148.62

ip route 64.132.148.52 255.255.255.255 64.132.148.62

ip route 64.132.148.53 255.255.255.255 64.132.148.62

ip route 64.132.148.54 255.255.255.255 64.132.148.62

ip route 64.132.148.56 255.255.255.255 64.132.148.62

ip route 64.132.148.57 255.255.255.255 64.132.148.62

ip route 64.132.148.58 255.255.255.255 64.132.148.62

ip route 64.132.148.59 255.255.255.255 64.132.148.62

ip route 64.132.148.61 255.255.255.255 64.132.148.62

ip route 64.132.148.64 255.255.255.224 64.132.148.48

ip route 64.132.148.67 255.255.255.255 64.132.148.62

ip route 64.132.148.94 255.255.255.255 64.132.148.62

logging buffered

access-list 2 permit 64.132.123.18

access-list 2 permit 208.46.16.50

access-list 2 permit 64.132.148.48 0.0.0.15

access-list 13 permit 64.132.148.75

access-list 13 permit 64.132.148.53

access-list 13 permit 64.132.148.60

access-list 13 permit 64.132.123.20

access-list 13 permit 64.132.123.18

access-list 13 permit 24.27.208.2

access-list 13 permit 208.46.16.50

access-list 13 permit 64.132.148.48 0.0.0.15

access-list 101 deny 53 any any

access-list 101 deny 55 any any

access-list 101 deny 77 any any

access-list 101 deny 103 any any

access-list 101 permit ip any any

no cdp run

snmp-server community public RO

!

line con 0

line aux 0

transport input all

line vty 0 4

access-class 13 in

password xxxxxx

login

!

end

Can you give me any help as to how to have the second subnet to be recognized.

Frank

Thank you for any help you may provide

prafuljaded · ‎01-07-2004

If I understand your post properly, you want to use two IP subnets on the ethernet 0 interface. Or let us know what exactly you want to do?

conf t

interface Ethernet0

description internal LAN.DMZ

ip address 64.132.148.49 255.255.255.240

ip address 64.132.148.65 255.255.255.224 secondary

No need for ip route commands:

ip route 64.132.148.50 255.255.255.255 64.132.148.62

ip route 64.132.148.51 255.255.255.255 64.132.148.62

ip route 64.132.148.52 255.255.255.255 64.132.148.62

ip route 64.132.148.53 255.255.255.255 64.132.148.62

ip route 64.132.148.54 255.255.255.255 64.132.148.62

ip route 64.132.148.56 255.255.255.255 64.132.148.62

ip route 64.132.148.57 255.255.255.255 64.132.148.62

ip route 64.132.148.58 255.255.255.255 64.132.148.62

ip route 64.132.148.59 255.255.255.255 64.132.148.62

ip route 64.132.148.61 255.255.255.255 64.132.148.62

ip route 64.132.148.64 255.255.255.224 64.132.148.48

ip route 64.132.148.67 255.255.255.255 64.132.148.62

ip route 64.132.148.94 255.255.255.255 64.132.148.62

Also you havent applied the access-list to any of your interface as seen in the config

f-gorman · ‎01-07-2004

Yes thats exactly what I need.

The first answer I thought was in reverse but gave me some more info on my investigation.

I will aply my access-list to an interface when I make these changes.

Thank you for your help

Frank

baileja · ‎01-07-2004

Hey Frank, how about giving the man his points if his post helped you??? I guess Ill have to do it for you.

solaris1975 · ‎01-07-2004

Hi Frank

I have a very small problem as I would like to know how do I assign access list to specific interface.

f-gorman · ‎01-08-2004

go to the interface that you would like your access-list to run on and then type in ip access-group 13 in or out. 13 is just a number of the group.

You have to build your access-list to permit or deny IP's