cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
923
Views
15
Helpful
4
Replies

Cisco Catalyst 9200 routing decision

Hello Experts @Richard Burts  @balaji.bandi  @Georg Pauwen 

 

I got Cisco Switch which got vlan subnet 192.168.8.0/21 this same subnet exist on one of our other remote sites.

 

So added another vlan 10.160.x.0/24 and moved everything to it. In the end there will be very few devices which will be left on that 192.168.8.0 subnet so that we cant delete it.

 

Question is when I made Ipsec tunnel from 10.160.x.0/24 to 192.168.8.0/21 (towards other site) how routing will work because same subnet exist as directly attached. How I can make sure that traffic routes to IPsec not to the directly attached.

 

Thanks,

1 Accepted Solution

Accepted Solutions

I am slightly confused. The beginning of the post seems to be saying that devices in the 192.168.8.0/21 subnet will be moved and the subnet will be deleted. But the later part of the post seems to be saying that some hosts in that subnet will still be locally connected and the subnet will still exist on the local device. Can you provide clarification?

I am also a bit confused about the statement that the original subnet was /21 and that all the local devices were moved into a subnet of /24. Is that an accurate statement?

If the situation is that a few devices will still be on the local network and that their addresses can not change to the new /24, then is it possible that their IP addresses might be changed to something in the 192.168.8.0 range but so that they used a much smaller contiguous group of addresses (perhaps all of the remaining devices might get addresses in 192.168.9.0/28??) In this case you could configure the interface (I guess the vlan interface) where they connect with 192.168.9.0/28. This would allow you to have a static route for 192.168.8.0/21 pointing to the vpn next hop. (This wold also depend on the remote site not using the addresses in 192.168.9.0/28)

 

HTH

Rick

View solution in original post

4 Replies 4

Hello,

 

if you just have a few addresses in the 192.168.8.0/21 range left, the easiest would probably be to configure static host routes (assuming you are using VTIs for the IPSec), e.g.:

 

ip route 192.168.1.111 255.255.255.255 Tunnel 1

 

The more specific route will always have preference.

Hello


@LovejitSingh130013 wrote:

Hello Experts @Richard Burts  @balaji.bandi  @Georg Pauwen 

 

I got Cisco Switch which got vlan subnet 192.168.8.0/21 this same subnet exist on one of our other remote sites.

 

So added another vlan 10.160.x.0/24 and moved everything to it. In the end there will be very few devices which will be left on that 192.168.8.0 subnet so that we cant delete it.

 

Question is when I made Ipsec tunnel from 10.160.x.0/24 to 192.168.8.0/21

how routing will work because same subnet exist as directly attached


If you can migrate hosts from a /21 (range 192.168.8.1 to 192.168.15 254)  into a  /24  then you need to look at your existing ip address management, clearly you don’t require the same /21 at both sites

Regards the transit path being directly attached, do you mean the /21 is the transit path, Can you elaborate please, maybe even post a simple topology diagram. 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I am slightly confused. The beginning of the post seems to be saying that devices in the 192.168.8.0/21 subnet will be moved and the subnet will be deleted. But the later part of the post seems to be saying that some hosts in that subnet will still be locally connected and the subnet will still exist on the local device. Can you provide clarification?

I am also a bit confused about the statement that the original subnet was /21 and that all the local devices were moved into a subnet of /24. Is that an accurate statement?

If the situation is that a few devices will still be on the local network and that their addresses can not change to the new /24, then is it possible that their IP addresses might be changed to something in the 192.168.8.0 range but so that they used a much smaller contiguous group of addresses (perhaps all of the remaining devices might get addresses in 192.168.9.0/28??) In this case you could configure the interface (I guess the vlan interface) where they connect with 192.168.9.0/28. This would allow you to have a static route for 192.168.8.0/21 pointing to the vpn next hop. (This wold also depend on the remote site not using the addresses in 192.168.9.0/28)

 

HTH

Rick

I am glad that our suggestions were helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
Review Cisco Networking for a $25 gift card