
Communication between same internal network in different VLAN

SJ K
Level 5

Hi all,

 

In a recent project, 2 of my network administrators configured the same network range for 2 different VLANs. All the devices in the different VLANs are already assigned IPs and communicate with one another in their own VLAN with no issue.

They were not aware that each of them was using the same range until the customer required the 2 VLANs to talk to each other.

That brings me to think...

q1) Can 2 internal networks of the same range actually communicate with one another?

q2) If the answer is no: the issue above occurred within an organization, which I think is still rare (due to the negligence), but what if an HQ branch needs to communicate with its overseas branch through a tunnel, but each of them has the same network/subnet range?

q3) What can be done to resolve the issue above (different VLAN, same network/subnet)?

 

Regards,

Noob

4 Replies

Traian Bratescu
Level 1

Hi,

They can communicate even if they have the same IP address range, but you need to trick them a little bit...

The idea is to hide both ranges using NAT (both source and destination). If they are both using network X, you will use 2 additional classes:

left X sees the right X using network Y

right X sees the left X using network Z

So if left X wants to speak to right X, the destination of the packet will be Y. The router in between will make a source NAT to hide the left X using Z and a destination NAT to change Y to X.

Hope this clarifies a little bit:

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13774-3.html

 

There is also info on a different forum:

https://supportforums.cisco.com/discussion/10832901/overlapping-networks-and-nat

 

Traian
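Added example, not part of the post above or of the linked Cisco documents: a small Python model of the double NAT just described, following one request and its reply through the router when both hosts carry the same real address. The ranges chosen for X, Y and Z and all function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed addressing for the illustration (not taken from the thread)
X = ipaddress.ip_network("192.168.1.0/24")  # real range used on BOTH sides
Y = ipaddress.ip_network("10.0.2.0/24")     # how left hosts see right X
Z = ipaddress.ip_network("10.0.1.0/24")     # how right hosts see left X


def remap(addr, src_net, dst_net):
    """1:1 prefix translation: keep the host bits, swap the network bits."""
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return str(dst_net.network_address + offset)


def translate(packet, arriving_from):
    """Double NAT on the router for a (src, dst) packet from 'left' or 'right'."""
    src, dst = packet
    if arriving_from == "left":
        # Left addressed the peer as Y; right must see the sender as Z.
        return (remap(src, X, Z), remap(dst, Y, X))
    if arriving_from == "right":
        # Right addressed the peer as Z; left must see the sender as Y.
        return (remap(src, X, Y), remap(dst, Z, X))
    raise ValueError("arriving_from must be 'left' or 'right'")


def round_trip(left_host, right_host):
    """Left host opens a flow to right host; return each packet as sent and delivered."""
    request_sent = (left_host, remap(right_host, X, Y))
    request_delivered = translate(request_sent, "left")
    # The right host answers the source address it actually saw.
    reply_sent = (request_delivered[1], request_delivered[0])
    reply_delivered = translate(reply_sent, "right")
    return request_sent, request_delivered, reply_sent, reply_delivered


if __name__ == "__main__":
    labels = ("request sent", "request delivered", "reply sent", "reply delivered")
    for label, pkt in zip(labels, round_trip("192.168.1.10", "192.168.1.10")):
        print(f"{label:18} src={pkt[0]:14} dst={pkt[1]}")
```

A packet addressed to the real range X is rejected by `translate`, which mirrors the fact that only traffic sent to the alias range is handed to the router for translation.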

Hi KOH SZE JIE, traian.bratescu,

From my understanding, dual NATting will not work in this scenario because NAT will be happening in the L3 domain of VLAN X on the left or VLAN Y on the right half, but from the L3 perspective they belong to the same network. So traffic will not even come to the L3 domain; rather, it will be stuck in the L2 domain in one half, searching for the mate via broadcasting...

I think the best way here would be to match the L2 VLAN ID on both spheres and propagate that VLAN over the trunks on the intermediate devices between the two switches and create a single broadcast domain between the two. Also, you may need to change the IP addresses on the L3 interfaces on the switches to be different from each other if they are the same, e.g. 192.168.1.1 and 192.168.1.2.

Please let me know your thoughts or if I am missing anything.

 

Cheers,

abhi

Please read my initial post... The real addresses are hidden with different networks, so left X sees right X as Y... That way you force L3 routing.

Traian

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

What Traian described (double NAT) will work.

Each physically separate network "sees" the other network's hosts as being on a different network than its own, i.e. they don't consider the other physically separated network as part of their network.
