04-26-2018 04:39 AM - edited 03-08-2019 02:48 PM
Having a problem trying increase vlan20 to have 64 addresses rather than 32 to fit in the following VLAN config
10 |
Server |
10.21.112.0/27 |
10.21.112.30 |
255.255.255.224 |
20 |
CCTV & SECURITY (DOOR ACCESS) |
10.21.112.32/27 |
10.21.112.62 |
255.255.255.224 |
40 |
Cashless Catering - SHUTDOWN |
10.21.112.96/28 |
10.21.112.110 |
255.255.255.240 |
50 |
NEW ICT Support |
10.21.112.112/28 |
10.21.112.126 |
255.255.255.240 |
60 |
Maths and OLD ICT Support |
10.21.112.128/25 |
10.21.112.254 |
255.255.255.128 |
when I try to increase the CCTV VLAN20 to (#ip address 10.21.112.94 255.255.255.192) I get an 10.21.112.64 overlaps with VLAN40 error
Can anyone offer any insight - we are using VTP also
Regards
Dale
04-26-2018 04:51 AM
apologies column 4 is the Default Gateway (SVI)
04-26-2018 06:04 AM
10.21.112.94 255.255.255.192 is from .64 - .127 so yes i would overlap with vlan 40
04-26-2018 06:19 AM
Hi Dennis thanks for replying. I am at a loss.
Could you suggest how I can alter the above VLAN diagram then to a /26 subnet on the VLAN20 CCTV, my core output currently shows it like this
---
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description *** Server VLAN ***
ip address 10.21.112.30 255.255.255.224
ip helper-address 10.21.112.18
ip helper-address 10.21.112.10
!
interface Vlan20
description *** CCTV AND DOOR ACCESS VLAN ***
ip address 10.21.112.62 255.255.255.224
ip helper-address 10.21.112.5
ip helper-address 10.21.112.18
ip helper-address 10.21.112.10
!
interface Vlan40
description *** Cashless Catering VLAN ***
ip address 10.21.112.110 255.255.255.240
ip helper-address 10.21.112.5
ip helper-address 10.21.112.18
ip helper-address 10.21.112.10
!
interface Vlan50
description *** NEW ICT SUPPORT ***
ip address 10.21.112.126 255.255.255.240
ip helper-address 10.21.112.5
ip helper-address 10.21.112.18
ip helper-address 10.21.112.10
!
interface Vlan60
description *** Maths And IT Support VLAN ***
ip address 10.21.112.254 255.255.255.128
ip helper-address 10.21.112.5
ip helper-address 10.21.112.18
ip helper-address 10.21.112.10
ip helper-address 10.21.112.255
ip helper-address 10.21.114.255
------------
Many thanks
Dale
04-26-2018 06:36 AM
Hello,
Just change subnet mask and keep same SVI address.
#> ip address 10.21.112.62 255.255.255.192
04-26-2018 06:43 AM
Thanks nixpengu1n, I've tried that but then get 10.21.112.0 overlaps with Vlan10
04-26-2018 06:57 AM
Hello,
That's bad. It means that when you specify a subnet mask IOS is divided address range equally by client amount in a subnet (in your case - 64). In this case you will need to re-apply all SVI configuration from scratch in top-down order (erase it and re-apply again).
04-26-2018 07:10 AM
I was under the illusion that the VLAN config on the core was wrong (even though it works)
I had thought it should be set like this
---
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description *** Server VLAN ***
ip address 10.21.112.0 255.255.255.224
ip helper-address 10.21.112.18
ip helper-address 10.21.112.10
!
interface Vlan20
description *** CCTV AND DOOR ACCESS VLAN ***
ip address 10.21.112.32 255.255.255.224
ip helper-address 10.21.112.5
ip helper-address 10.21.112.18
ip helper-address 10.21.112.10
!
interface Vlan40
description *** Cashless Catering VLAN ***
ip address 10.21.112.96 255.255.255.240
ip helper-address 10.21.112.5
ip helper-address 10.21.112.18
ip helper-address 10.21.112.10
!
interface Vlan50
description *** NEW ICT SUPPORT ***
ip address 10.21.112.112 255.255.255.240
ip helper-address 10.21.112.5
ip helper-address 10.21.112.18
ip helper-address 10.21.112.10
!
interface Vlan60
description *** Maths And IT Support VLAN ***
ip address 10.21.112.128 255.255.255.128
ip helper-address 10.21.112.5
ip helper-address 10.21.112.18
ip helper-address 10.21.112.10
ip helper-address 10.21.112.255
ip helper-address 10.21.114.255
------------
Becuase doesnt the subnet mask give you the amount of IP address off the network IP
It seemed the VLAN config started with the last usable IP in each range?
Regards
Dale
04-26-2018 07:51 AM - edited 04-26-2018 07:53 AM
Hello,
Based on this config, I assume that ip subnet-zero is been populated into your core config, which can allow you to use "subnet address" as an SVI address.
Ideally you should not use subnet address and broadcast address for SVI.
04-27-2018 01:13 AM - edited 04-27-2018 01:14 AM
Thanks, nixpengu1n for your help so far.
I'm really considering my options - I could always collapse VLAN20 altogether and create a new VLAN with a new IP range as the end of the IP scope - I have the freedom to do this as I'm no longer constrained by other networks however I was hoping to get to the bottom of it rather than be wasteful.
If I was to shorten VLAN40 to a /29 address, could I then increase VLAN20 to a /26 address
Hope this makes sense
Regards
Dale
04-27-2018 07:28 AM - edited 04-27-2018 07:30 AM
Hello,
OK, let me explain in more detail. First of all, please consider best Cisco practice for VLSM.
- If you are using VLSM consider to split address range in top down manner utilizing big subnets first and do not mix smaller and big subnets
It means that if you want for example split big /24 subnets into 4 smaller subnets /25, /26 and two /27 you should configure your network device in the following manner:
#> int vlan 25
#> description ** Subnet /25 **
#> ip address 192.168.1.1 255.255.255.128
#> int vlan 26
#> description ** Subnet /26 **
#> ip address 192.168.1.129 255.255.255.192
#> int vlan 27
#> description ** Subnet /27 **
#> ip address 192.168.1.193 255.255.255.224
#> int vlan 28
#> description ** Subnet /27 **
#> ip address 192.168.1.225 255.255.255.224
Cisco IOS calculates address range for particular VLSM by finding closer number to be divided by subnet number (for example for /27 it will be 64) in an octet. Division result should be either 0 or an integer (so for /27 VLSM such numbers will be 0, 64, 128 and 192 in address octet). So for /27 subnet in an octet usable address range will be:
0 - 63
64 - 127
128 - 191
192 - 255
In your particular example you have created 2 x /27 subnets which comes after each other and want to double address range of the second one (because, as you know, you have spare address range).
!
interface Vlan10
description *** Server VLAN ***
ip address 10.21.112.30 255.255.255.224
...
!
interface Vlan20
description *** CCTV AND DOOR ACCESS VLAN ***
ip address 10.21.112.62 255.255.255.224
...
!
interface Vlan40
description *** Cashless Catering VLAN ***
ip address 10.21.112.110 255.255.255.240
...
!
Problem is that IOS does not understand it and will try to calculate address range based on a rule I've provided. Thus suitable address range will be either 10.21.112.0 - 10.21.112.63 or 10.21.112.64 - 10.21.112.128 which overlaps with both VLANs 10 and 40 respecively.
Less disturbing solution in your case would be to swap VLAN 10 and 20 in this manner:
!
interface Vlan10
description *** Server VLAN ****** CCTV AND DOOR ACCESS VLAN ***
ip address 10.21.112.62 255.255.255.192
...
!
interface Vlan20
description *** Server VLAN ***
ip address 10.21.112.90 255.255.255.224
...
But it may not be a soultion in your case, because you will need to re-map all server's IP addresses which could be painfull.
05-01-2018 06:58 AM
05-01-2018 08:25 AM
Hello,
Yes it can make sense just to create additional /28 subnet starting from .64 address down to .96 . It will not conflict with your existing setup, however you need to make a notice that now you have 2 VLANs for same type of devices.
04-27-2018 03:15 AM
Hi
If we just focus on the last octet of the ip address here.
If you use subnet mask /25 that means you have 2 subnets
first subnet .0 that have adresses from .1-.126 .127 is broadcast.
second subnet .128 have adresses from 129-254 .255 is broadcast < this one you are using
now you can take the first one, the .0 and subnet that one into 2 smaller subnets /26.
That will give you .0 and .64
.0 usable adresses is .1-62
.64 usable adresses is 65-126 . You are not using anyone of these so we can take both of them and subnet them further and use /27
.0 can be subnetted to .0 and .32 and then .64 can be subnetted to .64 and .96
wich will give you adresses from .1-30 and 33-62 and 65-94 and 97-126
Here you are using .0 and .32 . So up to here you are using addresses from 1-63 and 129-254.
If we go further and subnetts also .64 and the .96 with /28 we got
.64 .80 .96 and .112 here you are using .96 and .112 so we got .64 .and .80 left
.64/28 and .80/28 can as we see above also be used as .64 /27 so this is all you have left to deal with.
You can use this one as secondary address on vlan 20 if that is suitable for you. However logical this will then be two networks on the same vlan. First the .32/27 and then also .64/27. This not a problem for the router but it may not be what you are looking for.
You can also move your vlan 30 and 40 to .32/28 and .48/28 and move your vlan 20 to .64/26.
/Mikael
05-01-2018 08:16 AM - edited 05-04-2018 01:18 PM
Hi dale.hopper!
What you have today is this:
Subnet | Host from | Host To | Broadcast | Total host | ||
Vlan 10 | Server | 10.21.112.0/27 | 10.21.112.1 | 10.21.112.30 | 10.21.112.31 | 30 |
Vlan 20 | CCTV & SECURITY (DOOR ACCESS) | 10.21.112.32/27 | 10.21.112.33 | 10.21.112.62 | 10.21.112.63 | 30 |
Vlan 40 | Cashless Catering - SHUTDOWN | 10.21.112.96/28 | 10.21.112.97 | 10.21.112.110 | 10.21.112.111 | 14 |
Vlan 50 | NEW ICT Support | 10.21.112.112/28 | 10.21.112.113 | 10.21.112.126 | 10.21.112.127 | 14 |
Vlan 60 | Maths and OLD ICT Support | 10.21.112.128/25 | 10.21.112.129 | 10.21.112.254 | 10.21.112.255 | 126 |
You trying to icrease vlan 20 which today has:
Vlan 20 | CCTV & SECURITY (DOOR ACCESS) | 10.21.112.32/27 | 10.21.112.33 | 10.21.112.62 | 10.21.112.63 | 30 |
If you want to increase this interface there is only one logical scenario because of you know already that there is some gaps between vlan 20 and 40, from .32 up to 95 sure. but the problem is when you try to increase this subnet for vlan 20, you also conflict other vlan like vlan 10.
Vlan 20 | CCTV & SECURITY (DOOR ACCESS) | 10.21.112.32/26 | 10.21.112.1 | 10.21.112.62 | 10.21.112.63 | 62 |
The problem is you destroy the server subnet when you going up to /26. As soon you increase up /26 you it means that you are taking off vlan 10 subnet.
Now you have two alternatives: 1 alternative is to have two vlans with /28 some nixpengu1n told you before:
Vlan 10 | Server | 10.21.112.0/27 | 10.21.112.1 | 10.21.112.30 | 10.21.112.31 | 30 |
Vlan 20 | CCTV & SECURITY (DOOR ACCESS) | 10.21.112.32/27 | 10.21.112.33 | 10.21.112.62 | 10.21.112.63 | 30 |
Vlan 30_NY | CCTV & SECURITY (DOOR ACCESS-2) | 10.21.112.64/27 | 10.21.112.65 | 10.21.112.94 | 10.21.112.95 | 30 |
Vlan 40 | Cashless Catering - SHUTDOWN | 10.21.112.96/28 | 10.21.112.97 | 10.21.112.110 | 10.21.112.111 | 14 |
Vlan 50 | NEW ICT Support | 10.21.112.112/28 | 10.21.112.113 | 10.21.112.126 | 10.21.112.127 | 14 |
Vlan 60 | Maths and OLD ICT Support | 10.21.112.128/25 | 10.21.112.129 | 10.21.112.254 | 10.21.112.255 | 126 |
2 alternative is to move up vlan 40 and 50 then vlan 20 to down, you will get more spaces see the tabell:
Vlan 10 | Server | 10.21.112.0/27 | 10.21.112.1 | 10.21.112.30 | 10.21.112.31 | 30 |
Vlan 40 | Cashless Catering - SHUTDOWN | 10.21.112.32/28 | 10.21.112.33 | 10.21.112.46 | 10.21.112.47 | 14 |
Vlan 50 | NEW ICT Support | 10.21.112.48/28 | 10.21.112.49 | 10.21.112.62 | 10.21.112.63 | 14 |
Vlan 20 | CCTV & SECURITY (DOOR ACCESS) | 10.21.112.64/26 | 10.21.112.65 | 10.21.112.128 | 10.21.112.127 | 62 |
Vlan 60 | Maths and OLD ICT Support | 10.21.112.128/25 | 10.21.112.129 | 10.21.112.254 | 10.21.112.255 | 126 |
Hope it helps:
I edited last 2018-05-04
/Mohammed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide