09-25-2013 08:08 AM - edited 03-07-2019 03:40 PM
Hi all
I am building a lab before I can move on to seperate our existing network (no VLAN, all devices in the same subnet)
I use 01 cisco router 2911 to connect 01 no-VLAN network with other VLANs network
They can work well if I point the default gateway of the PC belong to no-VLAN network to the IP address that I configure for Router interface.
But if I use another default gateway, they cannot work.
Because our existing no-VLAN network have a different gateway, I need to keep the existing configuration (no change). How can I configure the router to receive all packets from the existing no-VLAN net work? (without changing the default gateway of that network)
What I did:
PC <----> existing no-VLAN network (gateway: 172.x.x.4) <------> router (ip interface G 0/1: 172.10.0.102)
If I changed gateway in PC from 172.x.x.4 to 172.10.0.102 ===> it works
but I do not want to change this gateway
Please help
Thanks
09-25-2013 12:38 PM
You can use the ip address x.x.x.x x.x.x.x secondary on the router interface to add a second ip in that interface.
How many networks do you have?
Sent from Cisco Technical Support Android App
09-25-2013 04:07 PM
Thanks for your response
Can you tell me in detail?. What I meant is my existing network have default gateway: 172.x.x.4
How can I configure on router so that other servers in the existing network do not need to change the default gateway? And they can also reach others new VLAN network?
You meant that I have to configure the IP 172.x.x.4 (default gateway) on router as secondary IP?
Thanks for your help
09-25-2013 08:04 PM
Hello ,
Please configure as below in LAN interface
Interface fastethernet 0/1
Ip address 172.10.0.102 255.255.255.0
ip address 172.x.x.4 255.255.255.0 secondary
exit
09-26-2013 03:07 PM
Hi friend
Can I keep the existing default gateway for other servers with your recommendation of router's configuration?
Thanks and please in detail
09-25-2013 11:53 PM
Hello,
you have 2 options:
You can shutdown the 172.10.0.4 gateway and add the ip as secondary to the router or change the router ip to 172.10.0.4. In this scenario you have to make sure that the rest of the routing will also work with the router.
Option 2
You have to add a static route in your 172.x.x.4 gateway pointing to the new VLAN via the router interface 172.10.0.102, as long both interfaces (.4 & .102) are on the same subnet this will work.
The following example is for Windows and I assume that the new VLAN is 192.168.10.0 255.255.255.0
-open command prompt as Administrator
-route add 192.168.10.0 mask 255.255.255.0 172.10.0.102 metric 1
You can adjust your command to your specific environment and operating system of the 172.10.0.4 gateway
This is more easy but I have seen PC's loosing route commands for various reasons.
In order to help you further you have to provide me with more details about your environment:
-the existing subnet
-the new subnet
-the rest of subnets or default routes
-how all are accesible
09-26-2013 03:05 PM
Thanks for your help a lot
However, I cannot delete the existing default gateway: 172.x.x.4. Because we have all servers (100s servers) and users in same network (class B: 172.10.x.x) ==> sorry about this crazy IT lead.
I try to add new subnet to seperate users from the existing network, such as adding 172.16.x.x
If I use router (or Cisco switch), how could I allow the existing network (default gateway 172.x.x.4) connect with the new VLAN subnet (172.16.x.x)
I know how to route them, but the BIG problem is users servers from 172.10.x.x (gateway 172.x.x.4) need to know the IP of router, so that they can reach the new VLAN subnet (172.16.x.x)
Thanks for your help a lot
09-27-2013 12:15 AM
Hello,
you have to add a Cisco router with 2 ethernet interfaces. 1 ethernet interface will be in the current 172.10.x.x and the other one will be in the new subnet 172.16.x.x
For the new subnet this will be the default gateway.
For the current subnet 172.10.x.x you have to add a static route in your current gateway 172.x.x.4 to tell how to reach the new one, ip route 172.16.0.0 255.255.0.0 172.10.0.2 (where 172.10.0.2 is the ip of the router interface for the current subnet).
-----------------------------------------------------------
If you're going to use a layer 3 switch, you have to create 2 vlans 172.10.x.x and 172.16.x.x, place the users in the vlan that belong and add the static route for the new vlan in your current gateway eg.:
ip route 172.16.0.0 255.255.0.0 172.10.0.2 (where 172.10.0.2 is the ip of the switch vlan interface for the current subnet).
------------------------------------------------------------
Either of way you'll choose to do it, you have the ability to transition the users one by one, until you finish with them.
Last option is to use a router and add 2 ip addresses in one interface (ip address x.x.x.x x.x.x.x secondary) and use the same static route as above, but I don't recommend that.
For more detailed instructions you have to provide me with full details of the subnets and your equipment.
09-27-2013 08:53 AM
Thanks Panos
Let me draw some:
1/ Our current network: net: 172.10.x.x, netmask: 255.255.0.0
+ No VLAN
+ Gateway: 172.x.x.4 (this is also internet router --> for user using internet): Cisco ASA
+ Users and 100s servers
2/ My purpose: seperate users from this network
3/ I divided several VLAN subnet, we just choose 01 here for simple: 172.16.192.0, netmask: 255.255.240.0
4/ I can choose either router or switch layer 3 for seperating network, let choose switch L3 for simple
5/ I put users, domain controller (provide DHCP to user), and Cisco ASA router internet (172.x.x.4) in the same switch ==> let call current switch
6/ I added route for both new switch L3 and Cisco ASA:
+ In Cisco ASA, I can ping through the new VLAN subnet (172.16.192.2)
+ In Laptop belong to current network (gateway 172.x.x.4), I cannot ping the (172.16.192.2)
7/ If I add route manually to the Laptop: 172.16.192.0 through 172.10.0.14 ==> I can ping 172.16.192.2
Mean that it can work but I do not want to add route manually like that way because I have 100s servers in current network, it will be a big mistake
Thanks for your help
09-30-2013 04:18 AM
Ok it's a bit tricky to make the ASA do your internal routing, the easy way is to
1- change the ip of the ASA to 172.10.0.14 and put the 172.x.x.4 ip to the L3 switch
2- add a static route on L3 switch to allow default route 0.0.0.0 0.0.0.0 172.10.0.14
3- Add a route to the ASA for the new network( probably you've done that but check again)
Hope this helps.
09-30-2013 08:07 AM
Thanks for your help a lot
I know your refer work well. But the big problem is there are some stupid thing behind the scence of this network. Therefore, I try my best to do not change anythign on it. I want to route all packets from the current network go through my new VLANs.
Do you have any new ideas?
Thanks a lot
09-30-2013 11:56 PM
Ok,
then try to put the switch on the ASA, define a second internal network with same security level and allow routing between them.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide