08-21-2021 07:35 AM
Hello Experts @Richard Burts @balaji.bandi @Georg Pauwen
I have a Cisco switch with VLAN subnet 192.168.8.0/21, and this same subnet exists at one of our other remote sites.
So I added another VLAN, 10.160.x.0/24, and moved everything to it. In the end there will be very few devices left on that 192.168.8.0 subnet, so we can't delete it.
The question is, when I made the IPsec tunnel from 10.160.x.0/24 to 192.168.8.0/21 (towards the other site), how will routing work, because the same subnet exists as directly attached? How can I make sure that traffic routes to IPsec and not to the directly attached subnet?
Thanks,
08-21-2021 02:30 PM
I am slightly confused. The beginning of the post seems to be saying that devices in the 192.168.8.0/21 subnet will be moved and the subnet will be deleted. But the later part of the post seems to be saying that some hosts in that subnet will still be locally connected and the subnet will still exist on the local device. Can you provide clarification?
I am also a bit confused about the statement that the original subnet was /21 and that all the local devices were moved into a subnet of /24. Is that an accurate statement?
If the situation is that a few devices will still be on the local network and that their addresses cannot change to the new /24, then is it possible that their IP addresses might be changed to something in the 192.168.8.0 range but so that they used a much smaller contiguous group of addresses (perhaps all of the remaining devices might get addresses in 192.168.9.0/28??) In this case you could configure the interface (I guess the vlan interface) where they connect with 192.168.9.0/28. This would allow you to have a static route for 192.168.8.0/21 pointing to the vpn next hop. (This would also depend on the remote site not using the addresses in 192.168.9.0/28.)
08-21-2021 08:09 AM
Hello,
if you just have a few addresses in the 192.168.8.0/21 range left, the easiest would probably be to configure static host routes (assuming you are using VTIs for the IPSec), e.g.:
ip route 192.168.1.111 255.255.255.255 Tunnel 1
The more specific route will always have preference.
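The two suggestions in this thread (host routes through the tunnel, or a small connected /28 plus a static /21 towards the VPN) both rely on longest-prefix matching. The sketch below is an added example, not code from any poster; the interface names `Vlan8` and `Tunnel1` and the host addresses are constructed assumptions, and it models only the router's route lookup.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (prefix, exit) for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, exit_if in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, exit_if)
    return (str(best[0]), best[1]) if best else None

def shadowed(table, remote_hosts, tunnel="Tunnel1"):
    """Remote hosts whose best route is NOT the tunnel (traffic stays local)."""
    return [h for h in remote_hosts
            if (lookup(table, h) or (None, None))[1] != tunnel]

# Constructed tables; interface names and host addresses are assumptions.
# Option A (host routes): the /21 stays connected, one /32 per remote host
# points at the tunnel interface.
HOST_ROUTES = [
    ("192.168.8.0/21", "Vlan8"),
    ("192.168.12.50/32", "Tunnel1"),
]
# Option B (renumber): leftover devices sit in a connected /28, and a static
# route for the whole /21 points at the VPN.
RENUMBERED = [
    ("192.168.9.0/28", "Vlan8"),
    ("192.168.8.0/21", "Tunnel1"),
]
# Constructed remote-site hosts; the last one collides with the local /28.
REMOTE_HOSTS = ["192.168.12.50", "192.168.12.51", "192.168.9.5"]

if __name__ == "__main__":
    for name, table in (("host routes", HOST_ROUTES), ("renumbered", RENUMBERED)):
        for h in REMOTE_HOSTS:
            print(name, h, lookup(table, h))
        print(name, "stays local:", shadowed(table, REMOTE_HOSTS))
```

With host routes, every remote address without its own /32 still resolves to the connected /21; with the renumbered layout, only remote addresses inside the local /28 fail to reach the tunnel.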
08-21-2021 01:17 PM
Hello
@LovejitSingh130013 wrote:
Hello Experts @Richard Burts @balaji.bandi @Georg Pauwen
I have a Cisco switch with VLAN subnet 192.168.8.0/21, and this same subnet exists at one of our other remote sites.
So I added another VLAN, 10.160.x.0/24, and moved everything to it. In the end there will be very few devices left on that 192.168.8.0 subnet, so we can't delete it.
The question is, when I made the IPsec tunnel from 10.160.x.0/24 to 192.168.8.0/21
how will routing work, because the same subnet exists as directly attached
If you can migrate hosts from a /21 (range 192.168.8.1 to 192.168.15.254) into a /24, then you need to look at your existing IP address management; clearly you don’t require the same /21 at both sites.
Regarding the transit path being directly attached, do you mean the /21 is the transit path? Can you elaborate please, maybe even post a simple topology diagram.
12-01-2021 12:39 AM
I am glad that our suggestions were helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.