thank you very much for the reply Sir Joseph.

by the way 1841 router is connected trough 3G modem to ISP using P2P encapsulation.

77.110.87.112/28 network => is hosted in 1841 cisco router which is connected to 3COM unmanagable switch.

192.168.1.0/24 -  is assigned to clients mannually configured. it means this is hosted only by switches.

          if this clients uses the ip address of the above users the conflict in IP is appearing and the network gets down.

thats why i want to subnet the network ang implement a good system. so that if the users in /24 network uses the ip's of /28. there's no harm to the network.

thanks in advance

Francis

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

If I correctly understand what you have now, and want you want to do, it might be accomplished by defining just two VLANs on your L3 switch.  One VLAN will be for your 77.110.87.112/28, the other for your 192.168.1.0/24.  (You could have more 192.168.x.0 subnets but unless you have more than several hundred hosts or also plan to support some special security between these subnets, you really don't need more.)

The 77.110.87.112/28 will require a new IP for the L3 switch and if you want hosts on these subnets to be able to reach 192.168.x.0/24 you'll also need static route(s) on the 1841.  (I assume it already has a static route for default point toward the Internet.)

The 192.168.x.0/24 subnet, if its interface is defined as the host gateway, should, by default, be able to route to 77.110.87.112/28 but not the Internet.

thanks for the reply SIr,

exactly what you're thinking would do.

            if  your topology could accomplish my goal then let it be. but i want 77.110.87.112/28 will connect to the internet and 192.168.1.0/24 wont.

Q: do i need to create an access list in 1841 to permit /28 network for WAN and deny /24 network?

if so. what are the proper statement that i would type.

thanks in advance

francis

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

Q: do i need to create an access list in 1841 to permit /28 network for WAN and deny /24 network?

That depends on how you routing is enabled and which devices act as gateways.

If the 1841 is the gateway for you /28 and the L3 switch the gateway for the /24(s), and if dynamic routing not enabled between them, the /24(s) won't know about the Internet.  The /28 won't either which is why I wrote it will need a static route back to the /24(s).

Of course, if the gateways resides on the same L3 devices are the two devices use a dynamic routing update that that advertises the default, you'll want an ACL.

Hello Francis

Is Cisco 1841 router's Interface is configured with the subnet 77.110.87.112/28 ?

Can you post your router's config to visualise the exact scenario?

Hello Sir, Joseph and Chandrakant,

Here's the router Configuration in packet tracer. i dont know what am doing , just be patience with me coz im just a beginner.

Current configuration : 643 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

!

!

!

spanning-tree mode pvst

!

!

!

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface Serial0/0/0

ip address 10.1.1.2 255.255.255.252

!

!

router rip

version 2

network 10.0.0.0

network 77.0.0.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.1.1

!

!

!

!

!

!

!

line con 0

line vty 0 4

login

!

!

!

end

And here's my layer 3 switch configuration.

Current configuration : 2322 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch

!

!

!

!

ip dhcp excluded-address 77.110.87.113 77.110.87.114

ip dhcp excluded-address 192.168.1.1 192.168.1.10

!

ip dhcp pool VLAN10

network 77.110.87.112 255.255.255.240

default-router 77.110.87.113

dns-server 213.165.32.134

ip dhcp pool VLAN1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 192.168.1.1

ip routing

!

!

!

!

!

!

!

!

!

!

spanning-tree mode rapid-pvst

!

!

!

!

interface FastEthernet0/1

description CONNECTION TO ROUTER 1841

switchport mode trunk

!

interface FastEthernet0/2 - assigned to vlan 1

switchport mode access

!

interface FastEthernet0/3 - assigned to vlan 10

switchport access vlan 10

  ip helper-address 192.168.1.2

switchport mode access

!

!

interface Vlan1

ip address 192.168.1.2 255.255.255.0

!

interface Vlan10

ip address 77.110.87.113 255.255.255.240

ip helper-address 192.168.1.2

!

router rip

version 2

network 77.0.0.0

network 192.168.1.0

!

ip classless

ip route 192.168.1.0 255.255.255.0 192.168.1.1

!

!

!

!

!

!

!

line con 0

line vty 0 4

login

!

!

!

end

I want VLAN 10 to connect to the internet and vlan1 locally.

but both VLANs should share files and printers.

thanks in advance

francis

Hello Francis

Set the default router as 192.168.1.2 in IP dhcp vlan1 and remove DNS entry.

ip dhcp pool VLAN1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.2

Remove "ip route 192.168.1.0 255.255.255.0 192.168.1.1"

Test and let me know the status.

Cheers

Chandrakant

Thanks a lot Sir Chandrakant,

          I did what you've said but when i ping 192.168.1.1 which is the router, from vlan 10(77.110.87.114), there's no reply.

          but when i ping 192.168.1.2 and the rest of the clients in vlan 1 from VLAN10 it is replying.

what else do i need to add to my layer 3 switch so that my vlan 10 will reach the WAN.

thanks in advance,

Francis

Hello Francis

Ammend the config of layer 3 switch as highlighted below and let me know the status.

interface FastEthernet0/1

description CONNECTION TO ROUTER 1841

switchport mode access

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Thanks Sir,

Here's my new configuration, but no luck.

Current configuration : 2266 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch

!

!

!

!

ip dhcp excluded-address 77.110.87.113 77.110.87.114

ip dhcp excluded-address 192.168.1.1 192.168.1.10

!

ip dhcp pool VLAN1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.2

ip dhcp pool VLAN10

network 77.110.87.112 255.255.255.240

default-router 77.110.87.113

dns-server 4.2.2.2

ip routing

!

!

!

spanning-tree mode rapid-pvst

!

!

!

!

interface FastEthernet0/1

description CONNECTION TO ROUTER 1841

switchport trunk encapsulation dot1q

switchport mode access

!

interface FastEthernet0/2

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 10

switchport mode access

!

interface Vlan1

ip address 192.168.1.2 255.255.255.0

!

interface Vlan10

ip address 77.110.87.113 255.255.255.240

ip helper-address 192.168.1.1

!

router rip ---------------------------------------------------------------> is there a problem if i use rip in my layer 3 switch?

version 2

network 77.0.0.0

network 192.168.1.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

end

thanks in advance

Hello Francis

Remove the command "switchport trunk encapsulation dot1q" and test.

interface FastEthernet0/1

description CONNECTION TO ROUTER 1841

no switchport trunk encapsulation dot1q

switchport mode access

RIP will not be a problem as Static routes will preferred over RIP routes.

Cheers