
advice to planning migration from flat network to vlan

malmsteen81
Level 1

Hi, I currently have a flat network with all devices having IP addresses on the 10.39.0.0/21 subnet.

I already have a "logical" segmentation; I mean that, for example, printers have 10.39.2.x, clients 10.39.3.x, network devices 10.39.0.x, etc.

Now I want to do a real segmentation with VLANs and I want to keep the IP addresses, so here is the question:

Can I gradually migrate the devices to VLANs and keep the /21 mask alongside a /24 mask, where the IPs of the /21 mask are included in the IPs of the /24 mask? Will I have routing problems? Or must I set the VLAN on all devices at one time?

P.S.: apologies for my English

 

 

1 Accepted Solution

Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello malmsteen81,

You can change the network mask on individual devices at a later time by taking advantage of a feature called Proxy ARP.

Under each new SVI VLAN you will need the command ip proxy-arp.

interface vlan 10
 ip proxy-arp

Notice that in the latest IOS releases this feature is disabled by default.

Note 1: the current SVI for subnet 10.39.0.0/21 has to be shut down before you are able to create the new SVI interfaces, or you get an address overlapping error and the command is rejected.

 

However, to avoid problems you need to track every single device up to the access port it is connected to, and you need to put it in the correct VLAN.

For example, a device with IP 10.39.2.x has to be placed in the new VLAN associated with network 10.39.2.0/24. When the device attempts to use an ARP request to reach a device like 10.39.1.y, the proxy ARP feature allows the router to answer with its own MAC address, and this solves the connectivity issue.

If the device 10.39.2.x is associated with the VLAN of IP subnet 10.39.3.0/24, it is not able to reach anyone: when it sends the ARP request for a device like 10.39.1.y, the router receives a packet with source 10.39.2.x on an interface with a different subnet, the ARP request is simply dropped, and proxy ARP does not occur.

 

So you need to perform an accurate audit at L2, tracing all devices and finding the access port for each of them.

During the change you will need to associate each access port with the correct VLAN based on the IP address of the host connected to it.

Later you can then go to each device and change the network mask and the default gateway.

Note 2: Proxy ARP may solve the wrong default gateway setting, as the end device will make an ARP request for its default gateway, for example 10.39.0.n. What is important is that the device is in the correct VLAN, so that the ARP request's source IP address passes the check on the router and proxy ARP can occur.

So each device should also be able to reach the outside world if it is put in the correct new VLAN.

 

Hope to help

Giuseppe
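
An added example, not part of the original post and not Cisco code: a Python sketch of the L2 audit described in the answer above. It maps each audited access port to the VLAN of its host's /24 and models the proxy ARP source check as the answer describes it. The VLAN numbering (100 + third octet), the function names and the audit rows are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the thread): VLAN id = 100 + third octet of the /24,
# and the audit rows in SAMPLE_AUDIT are constructed sample data.
OLD_NET = ipaddress.ip_network("10.39.0.0/21")
NEW_SVIS = {100 + i: net for i, net in enumerate(OLD_NET.subnets(new_prefix=24))}

def vlan_for(host_ip):
    """Return the VLAN whose /24 contains host_ip, or None if outside the /21."""
    ip = ipaddress.ip_address(host_ip)
    for vlan, net in NEW_SVIS.items():
        if ip in net:
            return vlan
    return None

def proxy_arp_answers(port_vlan, src_ip, target_ip):
    """Model of the check described in the answer: the SVI answers an ARP
    request for an off-subnet target only if the source IP is in its subnet."""
    svi = NEW_SVIS.get(port_vlan)
    if svi is None:
        return False
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(target_ip)
    return src in svi and dst not in svi

def audit(rows):
    """rows: (switch, port, host_ip, current_vlan). Return the ports to fix."""
    findings = []
    for switch, port, host_ip, current in rows:
        wanted = vlan_for(host_ip)
        if wanted is None:
            findings.append((switch, port, host_ip, "outside 10.39.0.0/21"))
        elif wanted != current:
            findings.append((switch, port, host_ip, f"move to vlan {wanted}"))
    return findings

SAMPLE_AUDIT = [  # constructed rows: switch, access port, host IP, current VLAN
    ("sw1", "Gi1/0/1", "10.39.2.15", 102),
    ("sw1", "Gi1/0/2", "10.39.2.16", 103),   # host in the wrong VLAN
    ("sw2", "Gi1/0/7", "10.39.3.40", 1),     # still on the flat VLAN
    ("sw2", "Gi1/0/9", "192.168.1.5", 101),  # address outside the old /21
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_AUDIT):
        print(*finding)
    # Host still using the /21 mask ARPs directly for 10.39.1.20.
    print(proxy_arp_answers(102, "10.39.2.15", "10.39.1.20"))  # correct VLAN
    print(proxy_arp_answers(103, "10.39.2.15", "10.39.1.20"))  # wrong VLAN
```

Running the audit before the change window lists every port whose host would fall outside the source check, which is the failure case the answer warns about.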

 


Hi, thanks for the reply.

I know that I need to map all devices and physical switch ports beforehand. When you talk about deleting the SVI with the /21 mask, what do you mean exactly?

Currently on my switches (which are 3750s) I have VLAN 1 with IP address 10.39.0.x 255.255.248.0, which I use for management. Must I change it to 10.39.0.x 255.255.255.0 before starting to create VLANs and swap the devices?

Bye

Andrea

Hello malmsteen81,

>> I know that I need to map all devices and physical switch ports beforehand. When you talk about deleting the SVI with the /21 mask, what do you mean exactly?

In your case you cannot shut SVI Vlan1, as it is the management interface for the switches, so you need to change the network mask to 255.255.255.0 on each of them at the beginning of the network change.

>> Currently on my switches (which are 3750s) I have VLAN 1 with IP address 10.39.0.x 255.255.248.0, which I use for management. Must I change it to 10.39.0.x 255.255.255.0 before starting to create VLANs and swap the devices?

Yes, but this will break connectivity for users in 10.39.0.0/21 outside 10.39.0.0/24.

You will need an extended time window to make the change.

 

Hope to help

Giuseppe

 

Hi,

Thanks for the reply.

Yes, I will make the change on the weekend.