
Merging 2 Separate Networks on 1 Cisco Router, different subnets

NateJewett0517
Level 1

Hello - 

 

I have a branch location that exists on a 192.168 subnet that will be physically moving into our main location that is on a 10.10 subnet. I am hoping that I can use the Cisco 2951 Router at the main site to handle both networks, but do not have much experience doing that. The services rendered by this branch site require it to remain on the 192.168 subnet for the time being. Is there a way to run both subnets off 1 router and 1 circuit? Or, is it a requirement to bring the existing circuit from the branch site into the picture and have it hooked up via that?

 

My first post in the Cisco Community Forums, so thank you in advance for any insight.

Accepted Solutions

Hello

Basically you'll need to do something similar to below.

Main Site router
1) create a sub-interface for the branch users and assign them a vlan and advertise this subnet into eigrp

int gig0/0.10
description branch_site_users_vlan 10
encapsulation dot1q 10
ip address 192.168.171.1 255.255.255.0
exit

router eigrp 100
no auto-summary
network 192.168.171.1 0.0.0.0

2) create a dhcp pool as per branch site 
ip dhcp excluded-address 192.168.171.0 192.168.171.69

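! the main router already has a pool named nchs (10.10.1.0/24); re-entering that
! name would overwrite it, so use a distinct name (nchs_branch is a placeholder)
ip dhcp pool nchs_branch
network 192.168.171.0 255.255.255.0
default-router 192.168.171.1
dns-server 10.0.0.5 10.0.0.6 10.1.0.5
lease 0 8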



Firewall

Add a static route pointing back to the main router for the new subnet (note: not applicable if EIGRP is running between the FW and the main branch router)

route Inside 192.168.171.0 255.255.255.0 10.x.x.x

Add the new subnet to existing NAT rules

! an ASA network object holds a single subnet, so both subnets go in an object-group
object-group network LAN
network-object 10.10.1.0 255.255.255.0
network-object 192.168.171.0 255.255.255.0

nat (Inside,Outside) after-auto source dynamic LAN interface

 

Switch

On the switchport connecting to the main site router, change this into a trunk port so as to allow communication for the now two subnets, and create an L2 VLAN for the new VLAN users.


int x/x
description link to main site router
switchport mode trunk
exit


vlan 10
! VLAN names cannot contain spaces
name branch_users
exit


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
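
A pre-change consistency check for the router part of this answer, as an added example that is not part of the original post: it parses interface and DHCP pool stanzas and flags an unparsable interface address, a reused DHCP pool name, overlapping routed subnets, and a pool whose default-router is not a router interface. The sample config is constructed, and the pool name `nchs_branch` is an assumption.

```python
import ipaddress
import itertools
import re

# Constructed sample (not the poster's running config): merged main-site
# interfaces and DHCP pools. The pool name "nchs_branch" is an assumption.
GOOD = """\
interface GigabitEthernet0/0
 ip address 10.10.1.1 255.255.255.0
interface GigabitEthernet0/0.10
 ip address 192.168.171.1 255.255.255.0
ip dhcp pool nchs
 network 10.10.1.0 255.255.255.0
 default-router 10.10.1.1
ip dhcp pool nchs_branch
 network 192.168.171.0 255.255.255.0
 default-router 192.168.171.1
"""

def audit(config):
    """Return findings for interface / DHCP-pool inconsistencies."""
    findings, ifaces, pools, ctx = [], {}, {}, None
    for line in config.splitlines():
        if line and not line[0].isspace():      # top-level line starts a section
            m = re.match(r"(interface|ip dhcp pool) (\S+)", line)
            ctx = m.groups() if m else None
            if ctx and ctx[0] == "ip dhcp pool" and pools.setdefault(ctx[1], {}):
                findings.append(f"pool {ctx[1]} defined twice, later lines overwrite it")
            continue
        m = re.match(r"\s+(ip address|network|default-router) (.+)", line)
        if not (ctx and m):
            continue
        key, args = m.group(1), m.group(2).split()
        try:
            if ctx[0] == "interface" and key == "ip address":
                ifaces[ctx[1]] = ipaddress.ip_interface("/".join(args[:2]))
            elif ctx[0] == "ip dhcp pool" and key == "network":
                pools[ctx[1]]["net"] = ipaddress.ip_network("/".join(args[:2]))
            elif ctx[0] == "ip dhcp pool" and key == "default-router":
                pools[ctx[1]]["gw"] = ipaddress.ip_address(args[0])
        except ValueError:                      # truncated or malformed address
            findings.append(f"{ctx[1]}: invalid {key} {m.group(2)!r}")
    for a, b in itertools.combinations(sorted(ifaces), 2):
        if ifaces[a].network.overlaps(ifaces[b].network):
            findings.append(f"{a} and {b} have overlapping subnets")
    for name, p in pools.items():               # pool gateway must be a router address
        if p.get("gw") not in {i.ip for i in ifaces.values()}:
            findings.append(f"pool {name}: default-router {p.get('gw')} is not a router interface")
    return findings
```

Run `audit()` on the indented output of `show running-config`; section detection relies on IOS indenting sub-commands, which forum pastes often lose.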



balaji.bandi
Hall of Fame

You can run both subnets on the same router with 1 ISP link or 2 ISP links (depends on the link speed and utilisation of users).

 

On the existing router, add the new IP range and add it to the NAT pool so users can get internet and can also access the local 10.X range, and vice versa.

 

 

Here is an example of how to set one up:

 

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Dennis Mink
VIP Alumni

Yes the 2951's can do intervlan routing, so you can route between the two internal subnets.

send current config so we can append

 

I am assuming you have 1 internet link or WAN link that will serve both? Like Balaji said, that should be a matter of expanding NAT statements to include new subnets, but again send current

Please remember to rate useful posts, by clicking on the stars below.

Thank you both for the reply, definitely sending me in the right direction on this. Yes, I am hoping that 1 WAN link can service both of the subnets. Currently, the sites are running off their own routers and links, so I will send along the configs for both. 

 

Branch Location: 

 

hostname WIC-Encinitas
!
boot-start-marker
boot-end-marker

aaa session-id common
memory-size iomem 15
clock timezone PST -8
clock summer-time PDT recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.171.0 192.168.171.69
!
ip dhcp pool nchs
network 192.168.171.0 255.255.255.0
default-router 192.168.171.1
dns-server 10.0.0.3 10.0.0.4
lease 15
!
!
ip name-server 10.0.0.3
ip name-server 10.0.0.4
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!

!
!
!
!
!
!
interface FastEthernet0/0
description LAN Connection
ip address 192.168.171.1 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
description Cox MPLS
ip address 192.168.168.171 255.255.255.0
speed 100
full-duplex
!
router eigrp 100
network 10.0.0.0
network 192.168.1.0
network 192.168.168.0
auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.168.254
!
!
ip http server
no ip http secure-server
!
logging 10.0.0.4
snmp-server community public RO
snmp-server community nchspriv RW 10
snmp-server community nchspub RO 11
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server host 10.0.0.83 pubnchs
!
!
!
control-plane
!
bridge 1 protocol ieee
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
transport input telnet
!
scheduler allocate 20000 1000
ntp clock-period 17207936
ntp server 10.0.0.3
!
end

 

 

Main Site: 

 

version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NCHS-ENCINITAS
!
boot-start-marker
boot-end-marker
!
!
no logging console
enable secret 5 $1$oJnT$SNlhTUQWgoEYcdnlydmsR.
enable password 7 091D400A160B03000400
!
aaa new-model
!
!
aaa authentication login default local-case
!
!
!
!
!
!
aaa session-id common
clock timezone PST -8 0
clock summer-time PDT recurring
!
!
!
!
!
!
!
!
!
!


!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.1.0 10.10.1.69
!
ip dhcp pool nchs
network 10.10.1.0 255.255.255.0
default-router 10.10.1.1
option 176 ascii "MCIPADD=192.168.85.31,10.3.1.31,MCPORT=1719,L2QAUD=6,TFTPSRVR=10.0.0.203,HTTPSRVR=10.0.0.203"
option 242 ascii "MCIPADD=192.168.85.31,10.3.1.31,MCPORT=1719,L2QAUD=6,TFTPSRVR=10.0.0.203,HTTPSRVR=10.0.0.203"
dns-server 10.0.0.5 10.0.0.6 10.1.0.5
lease 15
!
ip dhcp pool nchs_acg
host 10.10.1.143 255.255.255.0
hardware-address 01b8.27eb.4fdd.4e
client-name ACG-Encinitas
!
!
!
ip domain name nchs-health.org
ip name-server 10.0.0.5
ip name-server 10.0.0.6
ip name-server 10.1.0.5
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO2951/K9 sn FTX1703AM74
!
!
!
redundancy
!
!
!
!
!
!
class-map match-any VoIP
match ip dscp ef
match ip dscp af41
match access-group 100
!
policy-map voipQoS
class VoIP
priority 768
class class-default
fair-queue
random-detect dscp-based
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description LAN Connection
ip address 10.10.1.1 255.255.255.0
ip flow ingress
ip flow egress
ip policy route-map SDWAN
duplex full
speed 1000
!
interface GigabitEthernet0/1
ip address 192.168.1.10 255.255.255.0
ip flow egress
duplex full
speed 100
service-policy output voipQoS
!
interface GigabitEthernet0/2
description SD-WAN
ip address 10.10.2.1 255.255.255.128
duplex auto
speed auto
!
!
!
router eigrp 100
network 10.0.0.0
network 192.168.1.0
!
ip local policy route-map localtraffic
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip flow-export version 5
ip flow-export destination 10.0.0.94 2055
!
ip route 0.0.0.0 0.0.0.0 10.0.0.207
ip route 54.193.207.248 255.255.255.255 10.0.0.207
ip route 64.34.22.218 255.255.255.255 10.0.0.207
ip route 64.34.22.221 255.255.255.255 10.0.0.207
ip route 64.34.22.222 255.255.255.255 10.0.0.207
ip route 64.34.22.223 255.255.255.255 10.0.0.207
ip route 64.62.142.2 255.255.255.255 10.0.0.207
ip route 64.62.142.12 255.255.255.255 10.0.0.207
ip route 104.154.25.115 255.255.255.255 10.0.0.207
ip route 108.161.147.0 255.255.255.255 10.0.0.207
ip route 170.146.39.22 255.255.255.255 10.0.0.207
ip route 170.146.39.167 255.255.255.255 10.0.0.207
ip route 170.146.96.22 255.255.255.255 10.0.0.207
ip route 199.231.78.0 255.255.255.255 10.0.0.207
ip route 207.254.3.240 255.255.255.255 10.0.0.207
ip route 209.134.58.52 255.255.255.255 10.0.0.207
!
ip access-list extended SDWAN
permit ip any 10.80.11.0 0.0.0.255
permit ip any 10.0.0.0 0.0.255.255
permit ip any 10.100.0.0 0.0.0.255
permit ip any 10.100.1.0 0.0.0.255
permit ip any 192.168.85.0 0.0.0.255
permit ip any 10.10.1.0 0.0.0.255
!
logging host 10.0.0.4
ipv6 ioam timestamp
!
route-map localtraffic permit 10
match ip address SDWAN
set ip next-hop 10.10.2.2
!
route-map SDWAN permit 10
match ip address SDWAN
set ip next-hop 10.10.2.2
!
!
snmp-server community public RO
snmp-server community nchspriv RW 10
snmp-server community nchspub RO 10
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server host 10.0.0.94 pubnchs
!
!
!
control-plane
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
transport input telnet
!
scheduler allocate 20000 1000
ntp server 10.0.0.3
!
end

 

 

 

At a high level, your NAT is taking place on a different device? What is the device 10.0.0.207 that you point to as the GW?

BB


Yes the NAT policies currently exist on our Firewall, which is the 10.0.0.207

Then your 192 or new IP range needs to be routed to the FW, and you need to make the NAT configuration and ACL in the FW (by the way, what FW is it, ASA or any other vendor?)

BB



This is all super helpful information, I will give it a shot