Creating LAN subnets

Similar Messages

• PBR using dual ISP and single LAN subnet

  Hello,
  I have 2 ISP connections on the Cisco router 29121 i.e. Leased Line and PPPoe and single LAN subnet
  I want to use PBR.
  I want to allow ip traffic destined for  1.1.1.1,2.2.2.2,3.3.3.3 ( Fictitious IP) to go through Lease Line
  and all other traffic through PPPoe
  Please help me to achieve this.
  Thanks in advance.

  WoW Great Thanks  cadet alain
  It working as desired.
  This is my current config. I just want you help for last thing
  If leased line goes down, I want to direct the user to PPPoe
  However, if PPPoe, the users should NOT BE directed to leased line
  int gi0/0
  description << Leased Line >>
  ip address 100.100.100.101 255.255.255.252
  ip nat outside
  no shut
  int gi0/2
  description << LAN Subnet>>
  ip address 10.1.50.1 ip nat inside
  ip policy route-map lease
  no shut
  interface Dialer0
  ip address negotiated
  ip mtu 1492
  ip nat outside
  ip virtual-reassembly in max-reassemblies 512
  encapsulation ppp
  ip tcp adjust-mss 1452
  dialer pool 1
  dialer-group 1
  ppp authentication pap chap callin
  ppp chap hostname XXXXXXXXXXXXXXX
  ppp chap password 0 9860
  ppp pap sent-username XXXXXXXXXXXXXXX  password 0 9860
  no cdp enable
  interface GigabitEthernet0/1
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  no shut
  ip nat outside
  ip virtual-reassembly in
  duplex auto
  speed auto
  pppoe enable group global
  pppoe-client dial-pool-number 1
  access-list 100 permit ip 10.1.50.0 0.0.0.255
  route-map lease permit 10
  match ip address 100
  match interface gi0/0
  route-map pppoe permit 10
  match ip address 100
  match interface dialer 0
  ip nat inside source route-map lease interface gi0/0 overload
  ip nat inside source route-map pppe interface dialer 0 overload
  access-list 101 permit ip 10.10.1.50.0 0.0.0.255 host 1.1.1.1
  acess-list 101 permit ip 10.1.50.0 0.0.0.255 host 4.2.2.2
  route-map PBR permit 10
  match ip address 101
  set ip next-hop 100.100.100.102
  ip route 0.0.0.0 0.0.0.0 dialer0
  ip route 0.0.0.0 0.0.0.0 100.100.100.102

• RV130 router : Unable to modify LAN subnet mask

  Hi every one,
  I'm using a cisco router RV130, which runs the latest firmware (1.0.1.3), and when
  I set an IP address to the LAN interface, I can't choose the subnet mask greater than /24.
  The scrolling list proposes only these values :
  255.255.255.0
  255.255.255.128
  255.255.255. .. and so on to 255.255.255.252
  The issue is that the customer's lan address is 172.17.0.0/16 (255.255.0.0)
  Any clue ?
  Thierry

  Please see the attached Word Document for how to create a case online. Please make sure your CCOID is associated with the Product and/or the contract. This will prevent any issue when creating a case. If there is an issue with the association, the 1-866-606-1866 number will put you in touch with the people to assist in the association to your CCOID. Hope this helps.

• Need to create contiguous subnet using 2 rv120w gateways

  Hi,
  I have been tasked to create a Voip system using Cisco UC320 to serve one main and one auxiliary office. I think there is no way to use the UC320 as a VOIP gateway on multiple subnets so  I need to create contiguous IP space between the two branches. I was able to create site-to -site VPN using the RV120W firewalls but I have two subnets 192.168.1.1 and 192.168.2.1  and the IP phones in the auxiliary office do not register. Any ideas how this can be achieved?
  Thanks!!

  Dear Svetoslav,
  Thank you for reaching the Small Business Support Community.
  It's been several days since you posted your inquiry with no answer from the community members yet, I therefore suggest you to inquire about this in the Small Business Voice and Conferencing support group;
  https://supportforums.cisco.com/community/netpro/small-business/voiceandconferencing
  Just in case notice you may request from others support channel available;
  https://supportforums.cisco.com/community/netpro/small-business/sbcountrysupport
  Please do not hesitate to reach me back if there is any further assistance I may help you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• VMW Fusion 4.1 breaks 1 host LAN subnet

  Testing VMware Fusion 4.1 on '09 MacBook Pro Lion 10.7.2 to run a Lion 10.7.2 guest for testing. When Fusion is running, regardless of VM on, suspended or stopped, it sometimes has (not yet consistantly reproduceable) killed Exchange mail in the host (mail.app or MS 02k11) and kills any new access to one particular local subnet (yet all other LAN and WAN subnets are fine) from host wired etnernet LAN (guest VM running bridged, wifi, totally separate / firewalled from host wired LAN). Quit Fusion and, bam, all works again. Repeatable back & forth, and after reboot with nothing else running. Can't even ping subnet on router. Even stranger: if shared server volumes from affected subnet are mounted in host before starting Fusion they stay mounted and fully accessible for read/write yet their whole subnet can no longer be pinged, no new connection to server from host can be established.
  Tried changing lots of network settings in host, Fusion and guest VM, seems to make no difference: The simple act of starting Fusion.app breaks host access to just the 1 local subnet. Quitting Fusion.app restores it.
  Anyone got any ideas what causes this, maybe something simple I've overlooked? TIA.

  Sorry to hear that.
  But Apple have probably broken it when they added the MobileMe and modified the Wide-Area Bonjour code.
  However, I can report that Back-to-My-Mac does work on the AEBS. If you already a MM subscriber, you can use that to get back to the AirDisk.

• Creating a subnet via ethernet

  Very technical question here:
  I have a MBP and a NAS server which runs Windows xp pro (for certain reasons)...
  anyways, I have both computers using their respective wireless cards for the internet... both have gigabit connections so I looked into connecting the both of them at home to back up the mac apps / music etc to my desktop via Ethernet..
  Is possible to have the apple maintain it's wireless connection and connect to the server via a subnet or something using the Ethernet?
  This would be a life saver.. think of it as 2 internet solutions working at the same time using different protocols.

  You will need to run a DHCP server on either the MBP or server. Alternatively you can use static IP addresses. From the question it looks like the MBP and server are both still able to access the external network via the wireless router, as opposed to, say, the MBP's packets being routed through the server then to the router. In this case, you need to ensure that the default gateway is via the wireless interface. You can use the route command, via Terminal, to get the right routing / forwarding table.

• Nat'ing Lan subnet

  I have a tunnel created and I need to NAT the local network 192.168.1.0/24 to 172.31.196.0/24 to the destination IP, let's say (2.2.2.2)
  code version is 821
  name 2.2.2.2 External_IP
  name 172.31.196.0 Local_xlated
  I thought the statement would look like nat (inside,outside) inside-network Local_xlated static destination External_IP

  eluciasa(config)# packet-tracer input inside tcp 192.168.1.6 53 8.8.8.8 53
  Phase: 1
  Type: ACCESS-LIST
  Subtype:
  Result: ALLOW
  Config:
  Implicit Rule
  Additional Information:
  MAC Access list
  Phase: 2
  Type: FLOW-LOOKUP
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Found no matching flow, creating a new flow
  Phase: 3
  Type: ROUTE-LOOKUP
  Subtype: input
  Result: ALLOW
  Config:
  Additional Information:
  in   0.0.0.0         0.0.0.0         outside
  Phase: 4
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 5
  Type: NAT
  Subtype: host-limits
  Result: ALLOW
  Config:
  static (inside,outside) MC_Local_xlated  access-list L2LVPN-POLICYNAT
    match ip inside 192.168.1.0 255.255.255.0 outside host External_IP
      static translation to MC_Local_xlated
      translate_hits = 0, untranslate_hits = 0
  Additional Information:
  Phase: 6
  Type: NAT
  Subtype:
  Result: ALLOW
  Config:
  nat (inside) 1 0.0.0.0 0.0.0.0
    match ip inside any outside any
      dynamic translation to pool 1 (External_IP [Interface PAT])
      translate_hits = 24686918, untranslate_hits = 1904674
  Additional Information:
  Dynamic translate EluciMX01/53 to External_IP/356 using netmask 255.255.255.255
  Phase: 7
  Type: HOST-LIMIT
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 8
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 9
  Type: FLOW-CREATION
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  New flow created with id 32668832, packet dispatched to next module
  Result:
  input-interface: inside
  input-status: up
  input-line-status: up
  output-interface: outside
  output-status: up
  output-line-status: up
  Action: allow
  eluciasa(config)#

• RVS4000 lan subnet ask

  I'm planning to use RVS 4000 in 10 of my branch offices.
  The current IP's of those branch offices are 10.12.0.0/16 (255.255.0.0)
  When trying to configure the RVS4000 LAN IP I only have a drop down for selecting the mask and the largest one is 255.255.255.0, is there any way of using larger mask then that?
  Thanks!

  The LAN configuration of RVS4000 is limited to a Class C network. That said, RVS4000 does support multiple VLANs, each of which is a Class C network.

• Problem Creating LAN - X130E & Desktop PC - Win7 64 Pro and WinXP 32 Pro

  Purchased a Cat 5e Crossover and read several how-to guides online but no success. Spoke with a computer tech who told me he could try working on it for a couple hours but could not promise anything. I want to transfer files between the two. Should I try a fresh format on the two offline? Any suggestions or insight duly appreciated.

  ewaller wrote:The only thing I can think of has to do with the way that Windows does network discovery.  They have the notion of a domain controller.  As to who is the controller is subject to negotiation; In general, the machine running the newer OS wins.   This is mostly of importance to SAMBA, but I wonder if it may be impacting other things as well.  Perhaps the XP has given some of its authority over to the Win 7 box.
  Maybe it is authority problem, but how to investigate it in XP, is beyond me. I really tried everything I could think off and find, spent countless hours on this, nothing worked. My Arch strangely, only has access to imap and ics calendars, still no http, https... access for almost a week.
  Short summary of problem: Arch Laptop was networked with XP machine through simple network cable and received Internet over XP's ICS. After Win7 is installed beside Arch on same laptop and networked to XP machine, Arch can not receive Internet anymore through XP's ICS.
  Now Win7 can network and receives Internet from XP's ICS, Arch on same laptop can network but can't receive Internet from XP's ICS. No firewalls present on Arch and XP.
  Does anyone have an idea or suggestion how to investigate this, cause I'm totally clueless now?

• RV110W: How to create subnet?

  This is my lan configuration:
  RV110W router connects to the internet (PPOE) through WAN
  Unmanaged switch #1 connects to lan port of RV110W
  6 machines connect to the switch directly
  I want to isolate 2 machine from the rest of ther other machines without additional hardware. These machines should not be able to access the RV110 configuration web interface. I heard this is possible by creating a subnet. How would I do that on the RV110w?
  Here is the router configuration page demo:
  https://www.cisco.com/web/sbtg/gui_mockups/RV110W/default.asp.htm
  Are these the correct steps (no additional hardware or cabling):
  1) Create another VLAN #2
  2) Change both VLAN #1 and VLAN #2 to tagged on Port #1 (exclude the other ports)
  3) Goto "LAN Configuration" and put the local IP as 192.168.2.1 for VLAN #2 and then change the subnet mask to 255.255.255.128?

  Hi, My name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center. Thank you for using the Cisco Community Post Forums.
  That should get you started in the right direction. Also remember to go to the Networking - Routing tab and make sure that Inter-Vlan Routing is disabled if you do not want the two vlans to be able to talk to each other.
  Thanks
  Eric Moyers    .:|:.:|:.
  Cisco Small Business US STAC Advanced Support Engineer
  Wireless Subject Matter Expert
  CCNA, CCNA-Wireless
  *Please rate the Post so other will know when an answer has been found.

• Routing Experts please help with below LAN routing issue with NAT

  Hello Experts,
  I have a weird situation and requirement.
  The existing setup is -
  We have email/ticketing server hosted in the LAN which is reachable on the publicly NAT'ed IP with respective port numbers of 89 & 443. We have LAN & servers on the same subnet. The internet is with public DHCP IP assigned by ISP (/29). We use linksys router GUI for NAT settings (attached).We are using the same public IP for the server NAT & user NAT.
  We tried to refresh our network by separating the subnets for LAN users & servers. We used the Cisco 3845 router to create sub-interfaces in the LAN and configure respective subnets. Now both user subnet and server subnet are connecting to the Internet with same public IP (static NAT for servers & dynamic for users). We can connect to the server IP from the Internet and it resolves fine. However user LAN subnet cannot connect to the server if we try the URL. Users can access the Internet fine.
  Please find attached short diagram and below configuration and please give your inputs to solve this.
  Cisco 3845 router
  access-list 1 permit 10.155.60.0 0.0.0.255
  access-list 2 permit 10.155.61.0 0.0.0.255
  access-list 3 permit 10.155.62.0 0.0.0.255
  ip nat inside source list 1 int g0/0 overload
  ip nat inside source list 2 int g0/0 overload
  ip nat inside source list 3 int g0/0 overload
  int g0/0
  ip add 8.8.8.8 255.255.255.248
  ip nat outside
  no shut
  int g0/1
  description Trunk-to-Switch
  no shut
  int g0/1.60
  description User vlan
  ip add 10.155.60.1 255.255.255.0
  encapsulation dot1q 60
  ip nat inside
  int g0/1.62
  description Server vlan
  ip add 10.155.62.1 255.255.255.0
  encapsulation dot1q 62
  ip nat inside
  exit
  aaa new-model
  aaa authentication login default local
  aaa authentication login vpn_xauth_ml_1 local
  aaa authentication login sslvpn local
  aaa authorization network vpn_group_ml_1 local
  aaa session-id common
  acl 120
  max-users 10
  exit
  !access-list 120 remark ==[Cisco VPN Users]==
  access-list 120 permit ip any host 192.168.0.10
  access-list 120 permit ip any host 192.168.0.11
  access-list 120 permit ip any host 192.168.0.12
  access-list 120 permit ip any host 192.168.0.13
  access-list 120 permit ip any host 192.168.0.14
  access-list 120 permit ip any host 192.168.0.15
  access-list 120 permit ip any host 192.168.0.16
  access-list 120 permit ip any host 192.168.0.17
  access-list 120 permit ip any host 192.168.0.18
  access-list 120 permit ip any host 192.168.0.19
  no access-list 100
  access-list 100 remark [Deny NAT for VPN Clients]=-
  access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.10
  access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.11
  access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.12
  access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.13
  access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.14
  access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.15
  access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.16
  access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.17
  access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.18
  access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.19
  access-list 100 remark
  access-list 100 remark -=[Internet NAT Service]=-
  access-list 100 permit ip 192.168.0.0 0.0.0.255 any
  exit
  ip nat inside source static tcp 10.155.62.55 21 8.8.8.8 21
  ip nat inside source static tcp 10.155.62.55 88 8.8.8.8 88
  ip nat inside source static udp 10.155.62.55 88 8.8.8.8 88
  ip nat inside source static tcp 10.155.62.84 3389 8.8.8.8 3389
  ip nat inside source static udp 10.155.62.84 3389 8.8.8.8 3389
  ip nat inside source static tcp 10.155.62.98 80 8.8.8.8 80
  ip nat inside source static udp 10.155.62.98 80 8.8.8.8 80
  ip nat inside source static tcp 10.155.62.98 443 8.8.8.8 443
  ip nat inside source static udp 10.155.62.98 443 8.8.8.8 443
  ip nat inside source static tcp 10.155.62.98 25 8.8.8.8 25
  ip nat inside source static udp 10.155.62.98 25 8.8.8.8 25
  ip nat inside source static tcp 10.155.62.84 8080 8.8.8.8 89
  ip nat inside source static udp 10.155.62.84 8080 8.8.8.8 89
  ip nat inside source static tcp 10.155.62.84 9005 8.8.8.8 9005
  ip nat inside source static udp 10.155.62.84 9005 8.8.8.8 9005
  ip nat inside source static tcp 10.155.62.84 135 8.8.8.8 135
  ip nat inside source static udp 10.155.62.84 135 8.8.8.8 135
  ip nat inside source static tcp 10.155.62.84 139 8.8.8.8 139
  ip nat inside source static udp 10.155.62.84 139 8.8.8.8 139
  ip nat inside source static tcp 10.155.62.84 445 8.8.8.8 445
  ip nat inside source static udp 10.155.62.84 445 8.8.8.8 445
  ip nat inside source static tcp 10.155.62.84 90 8.8.8.8 465
  ip nat inside source static udp 10.155.62.84 90 8.8.8.8 465
  ip nat inside source static tcp 10.155.62.143 3381 8.8.8.8 3381
  ip nat inside source static udp 10.155.62.143 3381 8.8.8.8 3381
  ip nat inside source static tcp 10.155.62.46 8081 8.8.8.8 91
  ip nat inside source static udp 10.155.62.46 8081 8.8.8.8 91
  ip http server
  ip http authentication local
  no ip http secure-server
  ip http path flash:/cme-gui-7.1.0.1
  file privilege 0
  telephony-service
  dn-webedit
  time-webedit
  transport input ssh
  line con 0
  line vty 0 15
  login local
  ntp server ntp.first2know.net
  clock timezone gmt 0
  clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
  ntp update-calendar
  ntp master
  =========================================================================================================================================
  Cisco 3750 Config;
  vlan 60
  name User
  vlan 61
  name Voice
  vlan 62
  name Server
  exit
  interface g1/0/1
  description Trunk-to-Router
  switchport trunk encapsulation dot1q
  switchport mode trunk
  spanning-tree portfast trunk
  interface vlan 60
  description User Vlan
  ip add 10.155.60.2 255.255.255.0
  interface vlan 61
  description Voice Vlan
  ip add 10.155.61.2 255.255.255.0
  interface vlan 62
  description Server Vlan
  ip add 10.155.62.2 255.255.255.0
  service dhcp
  ip dhcp pool Users
  network 10.155.60.0 255.255.255.0
  default-router 10.155.60.1
  dns server 4.2.2.2
  ip dhcp pool Voice
  network 10.155.61.0 255.255.255.0
  dns server 4.2.2.2
  exit
  ip dhcp excluded-address 10.155.60.1 10.155.60.2 10.155.60.3
  ip dhcp excluded-address 10.155.61.1 10.155.61.2
  interface range g1/0/2 - 1/0/21
  switchport mode access
  switchport access vlan 60
  switchport access vlan 61
  exit
  exit
  interface range g1/0/22 - 1/0/26
  switchport mode access
  switchport access vlan 62
  exit
  Thanks,
  Deepak

  One more thing I should clarify the route I am putting into the 10.10.1.9 server is
  route add 10.1.6.0 mask 255.255.255.0 10.10.1.250 which tells the server to bypass the ASA and go directly to the ISP router.(then i can successfully tracert everything).  The big question here is how to make the inside ASA connection 10.10.1.1 to force all traffic to 10.10.1.250.
  Thanks in advance.

• Prioritise traffic based on IP subnet

  I'm currently using an Avaya IP Office VoIP solution and I want to introduce a Cisco 2600 to replace the WAN units. I've been told that I will need a QOS switch or have two Lan ports on the router to create two subnets (1 for Data & 1 for VoIP).
  If I decide to use 2 lan ports instead of installing a QOS switch can someone tell me if this solution is viable and if it is how would I proritise the traffic based upon the IP subnet.

  If you are going to place the phones on a single subnet and connect them to a dedicated router interface with no other devices (PCs, printers etc) you should get away without any QoS because all the data on that subnet will be voice bearer, voice signaling and network management with voice bearer being by far the majority of the traffic. Your greatest concern for voice quality should be aimed at the WAN link. You will need to ensure that you have QoS between sites and this will be dependent on the type of WAN link employed.

• How to nat subnets before establishing site to site ipsec vpn tunnel?

  Hello,
  Coming across requirement which is new to me as I have not done this setup. Details as follows. Hope some1 can help.
  Requirement: nat existing subnets to 192.168.50.0/24 subnet which is allowed at another firewall.
  Existing device: Cisco 5510 where I need to do this NAT.
  Existing scenario in short: I have created vlans on asa by creating sub interfaces.
  Changes done: added new sub int for 192.168.50.0. Added new object as 192.168.50.0 . Now done with creation of acl where traffic from 192.168.50.0 to remote subnets allowed. In NAT object sections done nating 1 to 1 I.e. existing subnet to 192.168.50.0
  Done ipsec vpn setup inc phase 1 &amp; 2.
  Now tried to ping remote hosts but not reachable.
  Pls advice how to make it work.
  I dont any router next to asa 5510. Asa is in routed mode. Next hop to asa is isp's mux.

  Hello. Pls find my answers inline
  I first got the picture that the NAT network is 192.168.50.0/24 and some other networks should be NATed to this.
  Answer: Thats correct.
  Later on it seems that you have configured this to some interface on the ASA?
  Answer: Yes as I have defined vlan's on ASA itself. i.e. other subnets too i.e. 10.x series & 192.168.222.x series. I used Ethernet 0/0 as main interface for all LAN networks and have created sub interfaces i.e. vlan's on it. Using 3COM switch down to ASA to terminate those vlan's & distribute to unmanaged switches. Due to port limitations on ASA I have configured vlans on ASA itself. Ethernet 0/2 is my WAN interfacei.e. ISP link terminates on Eth 0/2 port.
  So  are you attempting to NAT some other LAN networks to this single NAT  network before the traffic heads to the L2L VPN connection on your ASA?
  Answer: Yes thats right. Attempting to NAT multiple networks to single NAT before traffic head to L2L VPN connecting from my ASA 5510 to remote Citrix firewall.
  Can  you then mention what are the source networks and source interfaces for  these networks? What is the destination network at the remote end of  the L2L VPN connection?
  Answer:    Source networks =  10.100.x series & 192.168.222.x series / Destination networks are from 192.168.228.x , 192.168.229.x series.  Remote admin wants us to NAT our multiple subnets to single subnet i.e. 192.168.50.0 and then traffic from this subnet is allowed at remote end.
  Do  you want to just do a NAT Pool of the 192.168.50.0/24 network for all  your Internet users OR does the remote end also have to be able to  connect to some of your sites hosts/servers?
  Answer:  Yes just want to NAT LAN subnets to 192.168.50.0/24 for all LAN users. 1 way access. I am going to access remote servers.
  The new thing for me is how to NAT multiple subnets. I have existing ipsec vpn's where I have added multiple subnets which is traditional set up for me. This requirement is new to me.

• Meaning of this show IP route output in InterVLAN routing (subnet calculation) - did i get mistaken ?

  Hi all,
  I am reading the configuration of interVLAN routing on 3750 from cisco @
  http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41260-189.html
  There are 3 VLAN created on the L3 switch namely
  VLAN10 - 10.1.10.0/24 network
  VLAN 2 - 10.1.2.0/24 network
  VLAN 3 - 10.1.3.0/24 network
  But on the show IP route results (see bold red), why does it indicate that 10.0.0.0/24 is subnetted. How is it subnetted ?
  10.1.10.0/24, 10.1.2.0/24, 10.1.3.0/24 all belongs to different network are not subnet out from 10.0.0.0/24.
  How does the calculation goes ?
  Cat3550#show ip route
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
  * - candidate default, U - per-user static route, o - ODR
  P - periodic downloaded static route
  Gateway of last resort is 200.1.1.2 to network 0.0.0.0
  200.1.1.0/30 is subnetted, 1 subnets
  C 200.1.1.0 is directly connected, FastEthernet0/48
  10.0.0.0/24 is subnetted, 3 subnets
  C 10.1.10.0 is directly connected, Vlan10
  C 10.1.3.0 is directly connected, Vlan3
  C 10.1.2.0 is directly connected, Vlan2
  S* 0.0.0.0/0 [1/0] via 200.1.1.2
  Please advise
  Regards,
  Noob

  Noob
  Jon is quite correct that in modern usage we tend to treat network and subnet as almost interchangeable. But technically there is a difference and that difference becomes significant for the kind of question that you are asking. There is no "network" 10.0.0.0/10. 10.0.0.0/10 is a subnet of the class A network 10.0.0.0/8. You are correct that 10.0.0.0/10 can be further subnetted but that does not make 10.0.0.0/10 into a "network".
  To go a step further in explaining this perhaps we can think of designing a network for a company that has offices in several cities. We might assign 10.0.0.0/10 as the network for the Chicago office, and 10.64.0.0/10 as the network for the New York office, and 10.128.0.0/10 as the network for the Atlanta office and 10.192.0.0/10 as the network for the Los Angeles office. (Note that while I called them network here they are actually subnets of class A 10.0.0.0/8) Within each city we might further subnet their block of addresses to create multiple subnets for each city.
  It might help to think about how Cisco organizes the routing table to support the routing function. When a router receives a packet and needs to make a forwarding decision it searches the routing table looking for the longest match. In functional terms what it is doing is to identify what network the packet belongs to and then to determine whether that network has been subnetted, and if so to which subnet does the packet go. So Cisco organizes the routing table to identify the network on one line and then to identify the subnets on lines below the network line. So in your original post the line in red
   10.0.0.0/24 is subnetted, 3 subnets
  is telling us about the network and the lines below it are telling us about the subnets that it knows of that network.
  It also seems that you are looking at 10.0.0.0/24 as if that were a single piece of information indicating that 10.0.0.0/24 is present in the routing table. That is not what is actually indicated. There are two separate and distinct pieces of information in that.
  1) the network is 10.0.0.0 (a class A network)
  2) the network is subnetted consistently using a /24 mask
  HTH
  Rick

• 1 modem - 2 routers (chained) - 2 subnets (cross-traffic) - 2 dhcp

  My goal is trying to use 1 isp modem, chain 2 linksys routers, creating 2 subnets that pass traffic between them, having each subnet served by its own dhcp. So how I started was by setting up Router 1 (R1) to use address space 192.168.2.0. Straightforward, tested, everything works fine. Then I turned on Router 2 (R2) standalone, connected a PC directly to a LAN port on it and configured it for address space 192.168.1.0. Gave it an WAN address of 192.168.2.2 (from R1). Disconnected PC and connected a LAN port of R1 to the WAN port of R2. I then went back to R1 and added a static route 192.168.1.0/24 -> 192.168.2.2. I then connected the PC to the LAN port of R1 and expected everything to be ok, but, it wasn't. The PC can ping R1 but not R2. If I connect the PC to a LAN port of R2 I can ping both routers. So subnet cross traffic seems to be flowing one way. If I can get that figured out my next question is how to have both dhcp working but restricted to their own subnets. I would think if I can find a way to block cross-traffic on ports 67,68 that would do it. Has anyone done what I'm trying to do? Looking for a little help.
  thx

  Turned off NAT and SPI firewall on slave and widened the subnet mask.
  Now we're getting somewhere.
  Here's the output I've been able to obtain:
  # ping from machine in the master's 192.168.2.x subnet to slave ip:
  [root setup]# ping 192.168.1.100
  PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
  64 bytes from 192.168.1.100: icmp_seq=1 ttl=127 time=2.38 ms
  From 192.168.2.1: icmp_seq=2 Redirect Host(New nexthop: 192.168.2.2)
  64 bytes from 192.168.1.100: icmp_seq=2 ttl=127 time=1.37 ms
  64 bytes from 192.168.1.100: icmp_seq=3 ttl=127 time=0.686 ms
  64 bytes from 192.168.1.100: icmp_seq=4 ttl=127 time=0.660 ms
  64 bytes from 192.168.1.100: icmp_seq=5 ttl=127 time=0.681 ms
  --- 192.168.1.100 ping statistics ---
  5 packets transmitted, 5 received, 0% packet loss, time 4010ms
  rtt min/avg/max/mdev = 0.660/1.156/2.386/0.672 ms
  traceroute from master router (192.168.2.x subnet):
  traceroute to 192.168.1.100 (192.168.1.100), 30 hops max, 40 byte packets
  1 192.168.2.2 (192.168.2.2) 2.735 ms 0.944 ms 0.880 ms
  2 192.168.1.100 (192.168.1.100) 1.145 ms 1.241 ms 1.116 ms
  Trace complete
  --The traceroute also shows that the master router can now find addresses in the slave subnet.
  And just for sanity:
  # from machine in slave subnet (192.168.1.100):
  $ ping 192.168.2.25
  Pinging 192.168.2.25 with 32 bytes of data:
  Reply from 192.168.2.25: bytes=32 time=1ms TTL=62
  Reply from 192.168.2.25: bytes=32 time=1ms TTL=62
  Reply from 192.168.2.25: bytes=32 time=1ms TTL=62
  Reply from 192.168.2.25: bytes=32 time=1ms TTL=62
  Ping statistics for 192.168.2.25:
  Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
  Minimum = 1ms, Maximum = 1ms, Average = 1ms
  STATUS:
  SOLVED: Subnets w/cross-traffic.
  STILL OPEN: 2 non-interfering DHCP servers.
  And thanks for your comments sharkbyte.Message Edited by greno on 11-01-200607:24 PM