Two Subnets One Interface

kevenpenner
Level 1

Hi guys,

I have two public subnets, one a /28 and a /29. They come to me on one ethernet cable from the ISP. Currently I have the ethernet cable plugged into a switch and have two 1700's running each network. I have two separate private networks NAT'ed behind each router.

I want to use a single 1841 router to do the same thing if possible. I have added all the IP addresses to FE0/0 using the secondary command, I added both private networks the same way to FE0/1 (192.168.0.1, 192.168.1.1 secondary). NAT'ed the interfaces and set a permit access list for both private network ranges to be NAT'ed.

I am wondering what else I need to do or is it as simple as that? Do I add two IP routes? ie

0.0.0.0 0.0.0.0 Network1.Gateway.IP

0.0.0.0 0.0.0.0 Network2.Gateway.IP

Please let me know if you need more info. And thanks in advance!

K


8 Replies

RAMACHANDRA R
Level 1

Hi

Instead of going with secondary IP addresses for the ISP and local LAN you can have sub-interfaces with different VLANs for the same (provided the switch supports VLAN configuration / is a manageable switch).

You need to have policy routing to send your traffic out on the individual ISP based on the /28 and /29 subnet, to ensure that you are not doing asymmetrical routing and ending up losing both internet connections when one ISP goes down.

Rgds

Rama

Thanks for the reply. My switch is a managed layer 3 switch supporting VLANs. I don't actually need both the private networks; I could combine them into one if that would be easier. Also it's the same ISP, so if one subnet goes down they both would anyway.

Is vlan still a better way to go on the outside ip blocks?

ISP block 1
ISP block 2
       |
       |
  1841 FE0/0
       |
  1841 FE0/1
       |
       |
Nat'ed local LAN
(Have servers using both blocks of IP's)

Edison Ortiz
Hall of Fame (accepted solution)

kevenpenner wrote:

Hi guys,

I have two public subnets one a /28 and a /29. They come to me on one ethernet cable from the ISP. Currently I have the ethernet cable plugged into a switch and have two 1700's running each network. I have two seperate private networks NAT'ed behind each router.

I want to use a single 1841 router to do the same thing if possible. I have added all the IP addresses to FE0/0 using the secondary command, I added both Private networks the same way to FE0/1 (192.168.0.1, 192.168.1.1 secondary). Nated the interfaces and set permit access list for both private network ranges to be nat'ed.

I am wondering what else I need to do or is it as simple as that? Do I add two IP routes? ie

0.0.0.0 0.0.0.0 Network1.Gateway.IP

0.0.0.0 0.0.0.0 Network2.Gateway.IP

Please let me know if you need more info. And thanks in advance!

K

If the ISP is providing a single handoff and they aren't 802.1q tagged, it means they configured the primary/secondary on their router end. Matching their setup with a single router it is possible. As far as the default route, just point the default to the primary next hop IP address as the packet will go to the same physical router.

If you create Vlans as recommended before, it may not work as you would send tagged traffic to the connected router and this configuration would need to match in both ends.

Consult your ISP and ask them how they are configured.

Regards,

Edison

Thanks guys for all your help.

So it all worked except for one thing. I can't route between the two public subnets. Is there an easy fix?

ie.

MailServer01 on 192.168.0.1 sends out through 209.143.23.2 --->

209.143.36.4 incoming to MailServer02 192.168.1.1

209.143.23.2
209.143.35.4 secondary
       |
       |
  1841 FE0/0
       |
  1841 FE0/1
       |
       |
Nat'ed local LAN
192.168.0.254 /24
192.168.1.254 /24
       |
       |
Switch with both MailServers plugged in.

If I used sub interfaces like Rama suggested would that allow for traffic to leave one private network and arrive on the other?

Hi

We assume that accessing both mail servers on the local subnet is working, i.e. 192.168.0.1 to 192.168.1.1 and vice versa, but you are not able to reach the mail servers on their NAT'ed public IP addresses from the server 192.168.0.1 to 209.143.36.4 and 192.168.1.1 to 209.143.23.2.

Are you doing port forwarding on the router? Can you post the NAT config for us to analyze?

Rgds

Rama

Yes, they are NAT'ed and port forwarded.

Current configuration : 9866 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash c1841-adventerprisek9-mz.124-25e.bin
boot-end-marker
!
enable password 7 xxxxxxxx
!
no aaa new-model
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
username xxxxx privilege 15 password 7 xxxxxxxxxxxx
archive
 path flash:
 maximum 2
!
interface FastEthernet0/0
 ip address 209.143.35.4 255.255.255.240 secondary
 ip address 209.143.23.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.0.254 255.255.255.0 secondary
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
!
interface BRI0/1/0
 no ip address
 encapsulation hdlc
 shutdown
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.0.254 25 209.143.23.2 25 extendable
ip nat inside source static tcp 192.168.1.254 25 209.143.35.4 25 extendable

Please let me know if you need more info.
