08-08-2007 07:25 AM - edited 03-05-2019 05:47 PM
I know this is probably pretty basic for most of you, but I am a bit new to this and in need of assistance. I have a Cisco 2851 Router with a pair of Cisco 3560 Switches connected to it. It is a small LAN with a network address of 172.17.1.0/24. A customer (big customer) wants me to subnet my network to a /28 network to make it easier for them to configure a VPN connection from our network into their system. All IPs are statically assigned (cannot use DHCP due to an application we use). Is establishing this /28 scheme simply a matter of reassigning IPs and changing the SN Mask to 255.255.255.240? Is it true that the first and last subnets are unusable (172.17.1.0 - 172.17.1.15 & 172.17.1.240 - 172.17.1.255)? Are there any changes I need to make in the Router and/or Switches to facilitate this? By subnetting, will this result in communications between subnets being forced through the router or will communications still be handled at the switch level? Any assistance is greatly appreciated.
08-08-2007 07:35 AM
Hi
1) Yes you will need to modify the subnet masks and change the default gateway on each of your machines.
2) You can use first and last subnets. Your 2800 will have ip subnet zero on by default.
3) On the switch you will have to create the extra vlans needed.
On the router you will need to create the extra layer 3 interfaces unless one of your switches could run as a layer 3 switch.
4) Yes, communication between subnets will now have to go through the router.
An example might help
You have 172.17.1.0/24 at the moment. You create
172.17.1.0/28
172.17.1.16/28
172.17.1.32/28
... etc
A machine that has an IP address of 172.16.1.34 will now need changing, i.e.
172.16.1.34 255.255.255.240
but its default gateway will also need changing - this would become
172.16.1.33 (i.e. use the first available address out of each subnet for the routed interface on the 2811).
This is a lot of work. Could you explain exactly what the customer requirements are as there may be an easier way.
Also could you list what switches you have with what version of software and what interfaces you have available in the 2800.
Jon
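The readdressing described in the reply above, as an added example that is not part of the original thread: it splits the original poster's 172.17.1.0/24 into /28s and, for each statically addressed host, reports the new subnet, mask and gateway, flagging hosts whose current address would become a network, broadcast or gateway address. The host list is constructed, and treating the first usable address as the gateway follows the convention suggested in the reply.

```python
import ipaddress

def subnets(parent="172.17.1.0/24", new_prefix=28):
    """List every /28 carved out of the parent network."""
    return list(ipaddress.ip_network(parent).subnets(new_prefix=new_prefix))

def plan_host(ip, parent="172.17.1.0/24", new_prefix=28):
    """Return the new settings for one static host after the mask change."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(parent):
        raise ValueError(f"{ip} is outside {parent}")
    # strict=False masks off the host bits to find the containing subnet.
    subnet = ipaddress.ip_network(f"{ip}/{new_prefix}", strict=False)
    # Assumption: the routed interface takes the first usable address.
    gateway = subnet.network_address + 1
    if addr == subnet.network_address:
        status = "renumber: becomes a network address"
    elif addr == subnet.broadcast_address:
        status = "renumber: becomes a broadcast address"
    elif addr == gateway:
        status = "renumber: reserved for the gateway"
    else:
        status = "ok"
    return {
        "ip": ip,
        "subnet": str(subnet),
        "mask": str(subnet.netmask),
        "gateway": str(gateway),
        "status": status,
    }

def plan(hosts, **kwargs):
    """Build the readdressing plan for a list of static host addresses."""
    return [plan_host(h, **kwargs) for h in hosts]

# Constructed sample of static host addresses (not from the thread).
SAMPLE_HOSTS = ["172.17.1.34", "172.17.1.16", "172.17.1.31",
                "172.17.1.33", "172.17.1.250"]

if __name__ == "__main__":
    nets = subnets()
    print(f"{len(nets)} subnets, {nets[0].num_addresses - 2} usable hosts each")
    for row in plan(SAMPLE_HOSTS):
        print("{ip:<14} {subnet:<16} mask {mask}  gw {gateway:<13} {status}".format(**row))
```

Hosts flagged for renumbering are the ones that cannot keep their current address under the /28 mask.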
08-08-2007 07:51 AM
Switches: WS-3560-48PS & WS-3560-24PS
Version: C3560-IPBASE-M, Version 12.2(25)SEB4
Router: Cisco 2851
2 Gigabit Ethernet Interfaces (one unused)
12 Serial Interfaces
1 Terminal Line
3 Channelized T1/PRI Ports
8 Voice FXS Interfaces
1 Cisco Service Engine(s)
Our customer stated that the Internal IP network address of 172.17.1.0/24 is too wide. I assume he is wanting to setup some sort of access list on his router allowing us to VPN from our network to his system. He asked for the specific static IPs assigned to the users in my network that will be accessing his system.
08-08-2007 08:04 AM
Christopher
You could use one of your 3560's to do the inter-vlan routing, which would make more sense than using subinterfaces on your 2800.
However, I'm not sure you need to. Surely if the customer just needs a list of static IP addresses that can VPN to his system, this does not require you to readdress your entire network.
As you don't use DHCP anyway, could you not just supply the customer with a list of the PC IP addresses that will need access?
I am struggling to see how the above requirement converts into you having to readdress your network.
Have I misunderstood?
Jon
08-08-2007 03:25 PM
Jon-
Sorry for delay in response...troublesome afternoon. I too was perplexed as to why they require I subnet my network if I am providing them static IPs. The customer is a major DOD contractor (big big beast of a company) and I think they're just used to bullying little companies like us into doing what they want whether it makes sense or not.
I will inquire with our customer if the static IPs will suffice to meet their needs, and upon receiving their response, post it here. Thanks a ton for your assistance and recommendations thus far...very much appreciated.
08-08-2007 07:36 AM
The fact that you are going to be using a /28 does need to be configured on the router and the switch. It is true that the first and last subnets should not be used. I believe this is debatable but it is very good practice not to use them.