Location based subnet ACL and routing

william.culver
Level 1

I have several locations which I would like to create ACL and route statements for.  Each location has multiple subnets for example, with a range from 10.20.x.x - 10.29.x.x.  (Specific subnets isolate various types of traffic, etc.)  Each location is identified by the third octet, so for example, location 1 has the above subnets with a range of 10.20.60.x - 10.29.69.x.  Each subnet can be anything from a /16 to /30.  I would like some input on creating statements which allow me to route traffic and create ACLs efficiently between sites without having numerous statements so that I could for example, have one statement that sends all of the subnets for a specific location to a specific IP.  This is all utilizing layer 3 switches.  If changing my ranges to groups of 8 (or some other multiple of 2) instead of 10 makes it easier, including for example, using 10.16.56.x - 10.23.63.x in the above case, it is early enough that I could modify my plans.  If you have any suggestions, please reply ASAP.


Jon Marshall
Hall of Fame


William

If you want to minimize the statements then yes, it would be better to make sure you can summarise that set of networks with one single statement, so you need to use multiples of 2, but you also need to make sure you are on a subnet boundary, i.e.

10.20.60.x -> 10.20.68.x could not be summarised with one statement.

However if you wanted 8 subnets for a site and you wanted to summarise with one statement then -

10.20.56.0 255.255.248.0 would cover 10.20.56.0 to 10.20.63.255 which gives you 8 subnets to use.

Now you say it could be anything from a /16 to a /30 but that's not entirely clear because you then go on to say that each site would use the 3rd octet. So I'm still not entirely sure exactly what you want.

Jon

Jon -

Thanks for the response.  To clarify, let me give a couple hypotheticals:

Data networks:

Loc 1:  10.20.56.0/24

Loc 2:  10.20.64.0/24

Loc 3:  10.20.72.0/24

Voice networks:

Loc 1:  10.21.56.0/24

Loc 2:  10.21.64.0/24

Loc 3:  10.21.72.0/24

Video networks:

Loc 1:  10.22.56.0/24

Loc 2:  10.22.64.0/24

Loc 3:  10.22.72.0/24

Locations:

Loc 1:  10.20-29.56-63.x

Loc 2:  10.20-29.64-71.x

Loc 3:  10.20-29.72-79.x


Other assumptions:

  • Each location represents a L3 switch with L2 switches trunked to it. 
  • Some of these locations may have multiple buildings connected via MM fiber, and each building might be its own /24 (so, at Loc 1, Bldg 1 would be 10.x.56.x/24, Bldg 2 would be 10.x.57.x/24, etc.)
  • So the second octet is the type of data and the third is the location.  I would like to send all the 10.x.56.x traffic to Loc 1, 10.x.72.x traffic to Loc 2, and the 10.x.72.0/24 to Loc 3.
  • I would like to be able to summarize 10.20-29.56-63.x to route to Loc1, 10.20-29.64-71.x to route to Loc2, and 10.20-29.72-79.x to route to Loc3.
  • Each of the L3 and related L2 switches will be connected to redundant data centers, each with 6500 cores and redundant ISP connections.
  • Servers and voice services hosted at the primary data center will fail over if one facility is unavailable.

Any thoughts?
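As an added example (not code from either poster), the script below checks Jon's subnet-boundary point and the ACL side of William's follow-up: `summarize` returns the contiguous prefixes a route statement needs for an address range (one entry means one route), and `acl_wildcards` builds Cisco-style address/wildcard pairs for per-octet ranges such as 10.20-29.56-63.x, splitting each octet range into aligned power-of-two blocks so that a discontiguous wildcard only ever matches the intended addresses. Ranges and addresses used in the tests are constructed from the thread.

```python
import itertools
import ipaddress


def summarize(first: str, last: str) -> list[str]:
    """Fewest CIDR prefixes covering first..last inclusive.

    Routes need contiguous prefixes, so one entry means the range sits on a
    subnet boundary and can be a single route; more entries mean more routes.
    """
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]


def aligned_blocks(lo: int, hi: int) -> list[tuple[int, int]]:
    """Split an inclusive octet range into the fewest aligned power-of-two
    blocks, returned as (start, size). 20-29 -> [(20,4), (24,4), (28,2)]."""
    blocks = []
    while lo <= hi:
        size = (lo & -lo) or 256        # largest power of two dividing lo
        while size > hi - lo + 1:       # shrink until the block fits the range
            size //= 2
        blocks.append((lo, size))
        lo += size
    return blocks


def acl_wildcards(lows: list[int], highs: list[int]) -> list[tuple[str, str]]:
    """Cisco ACL 'address wildcard' pairs matching every octet value in
    lows[i]..highs[i]. Wildcard bits may be discontiguous across octets
    (e.g. 0.7.7.255), which an ACL can express but a route prefix cannot.
    Each octet range that is not an aligned block is split, so the result
    matches exactly the requested addresses and nothing else."""
    per_octet = [aligned_blocks(lo, hi) for lo, hi in zip(lows, highs)]
    pairs = []
    for combo in itertools.product(*per_octet):
        base = ".".join(str(start) for start, _ in combo)
        wild = ".".join(str(size - 1) for _, size in combo)
        pairs.append((base, wild))
    return pairs


if __name__ == "__main__":
    print(summarize("10.20.56.0", "10.20.63.255"))   # one /21, as Jon said
    print(summarize("10.20.60.0", "10.20.68.255"))   # three prefixes
    print(acl_wildcards([10, 16, 56, 0], [10, 23, 63, 255]))  # one ACL line
    print(acl_wildcards([10, 20, 56, 0], [10, 29, 63, 255]))  # three, not ten
```

The route side of 10.20-29.56-63.x still needs one prefix per second-octet value, since the ten /21s are not contiguous; only the ACL side collapses to three lines.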
