Hi I Have Cisco Catalyst 3750G switch that I need to route a /24 subnet of external ips to servers connected to the switch. I wish to break this up to into /30 subnets mostly and then allocate these to servers on a specific port of the switch. I have been trying to get to this work for a while now and can't quite get it. How might I go about doing this?
Solved! Go to Solution.
When you say external IPs do you mean public IP addressing. And do you mean you are breaking the /24 down so you can use /30s per server ? If so be aware you are wasting a lot of useable addresses by doing this.
To do it on the 3750 you could do one of 2 things per server -
1) create a L2 vlan. Create a L3 SVI for that vlan and assign it an IP from a /30. Then use the other IP for the server and allocate the port the server connects to into the vlan.
2) if it is only going to be a single server you could just make the port the server connects to on the switch a routed port and assign the IP directly to the port although for end devices this is not seen very often primarily because very few people use /30s for end devices.
Either would work but 2) will only if there is a single server per subnet.
If you wanted security between servers you would need to use acls to restrict the traffic. If you need more security than acls then you probably shoudn't be using a L3 switch.
As for routing to and from this subnet, it's not possible to say without knowing more of your topology ie. how does traffic get routed to the 3750 ? Your 3750 would need to know how to route to remote subnets and your other devices would need to know how to route to the /24 subnet being used on the 3750.
Note that although using /30s on the 3750 does waste addresses for any other device that needs to route to the 3750 you can simply use the /24 route because the actual subnet mask in use only becomes relevant on the 3750 if you see what i mean.
If have misunderstood what you are trying to do please explain further.
Can you explain more about using the /24 subnet on the servers. I just have a few dedicated servers connected to a switch which has a /24 and I'd like to split this up to the various servers connected to the switch
I meant about using the /24 subnet for the servers connected to switch. The servers connected to the switch will be clients who will be ordering specific subnets so yeah a security aspect you could say.
Apologies but i am still not quite understanding what you mean by -
The servers connected to the switch will be clients who will be ordering specific subnets
what do you mean by "ordering" in the above statement.
Basically you can create /30 subnets for the servers as i have described but there may be other alternatives such as private vlans which allow you to preserve the subnet but still stop traffic between servers. Or depending on your requirements it may be easier to simply use /30s as you say although that is somewhat unusual.
Also we need to take care of routing to and from your switch so i need to understand the bigger picture.
I would like to create VLANs for each server for security yes. The idea is I have a switch with lets say 5 servers connected. I want to be able to give each one of these servers /30, /29, /28 etc, subnets. Or if it is simpler instead of having each on its own subnet be able to give each server an ip range like 192.168.1-192.168.5. (External public ips that is). Could we maybe talk in private to make it easier to communicate.
You can send me a private message on this forum ie. if you click on your name you will see a tab for messages. Just select me and send a private message but i would say that generally it's best to keep these things in the forum threads as other people refer to posts to help sort out their issues.
I'm just a bit confused because i have already suggested how you can create /30 subnets or larger on the 3750 switch, unless you need the specific commands ?
As i said though by using /30s you are wasting a lot of addresses and this is where private vlans may be of use because you can use the whole /24 without having to subnet. Private vlans allow you to control traffic between devices within the same vlan/IP subnet. You could also use VACL which although not as secure also restrict traffic within a vlan.
But if you just want to create a /30 per server then see my original post.