Creating LAN subnets
Hi,
I have a LAN using IP range 192.168.1.x. I am currently using a Cisco 857 ADSL router to provide internet access to all the PC's in the LAN.
I want to change the network so that IP addresses are separated into different departments, eg 192.168.10.x, 192.168.20.x. Each different network would be able to access the internet, mail server and the file server etc, but would not have access to each other.
Could this be achieved using ACL's on my existing router? The Cisco router only has 4 ports, would I need to purchase an additional router, or layer 3 switch to do this?
Thanks
Nick
Hi,
It's true, the 850 series only supports one vlan. :(
You would have to put a Layer3 switch behind it, and create a separate subnet connecting it to the cisco 857 (either by VLAN/SVI or routed port).
On the L3 switch create different VLANs and SVIs for your clients. Assign different ports to the desired Client VLANs. Communication between the VLANs can be limited by ACLs applied to the SVIs.
On the L3 switch point a default route towards the Cisco857, and don't forget to set appropriate routes on your Cisco 857 pointing back to the Layer 3 Switch.
hth
Ingo
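The design in the reply above, sketched as an added example (not part of the original posts): it builds one inbound ACL per department SVI, renders it in IOS syntax and checks sample flows against it with first-match evaluation. The two department ranges come from the question; the ACL names, the server VLAN 192.168.99.0/24 and the server addresses are assumptions.

```python
import ipaddress

# Department subnets come from the question. The server addresses are
# assumed placeholders in a separate server VLAN (192.168.99.0/24).
DEPARTMENTS = {
    10: ipaddress.ip_network("192.168.10.0/24"),
    20: ipaddress.ip_network("192.168.20.0/24"),
}
SHARED_SERVERS = {
    "mail": ipaddress.ip_network("192.168.99.10/32"),  # assumed address
    "file": ipaddress.ip_network("192.168.99.20/32"),  # assumed address
}
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_rules(vlan_id):
    """Ordered (action, source, destination) rules for traffic entering an SVI."""
    src = DEPARTMENTS[vlan_id]
    # 1. Shared servers stay reachable from every department.
    rules = [("permit", src, server) for server in SHARED_SERVERS.values()]
    # 2. Every other department subnet is blocked.
    rules += [("deny", src, other)
              for other_id, other in sorted(DEPARTMENTS.items())
              if other_id != vlan_id]
    # 3. Everything else follows the default route to the internet router.
    rules.append(("permit", src, ANY))
    return rules


def _ios_addr(net):
    """Render a network the way an IOS extended ACL entry expects it."""
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"  # wildcard mask


def ios_config(vlan_id):
    """IOS lines for the named ACL and its binding to the department SVI."""
    name = f"DEPT{vlan_id}-IN"  # hypothetical ACL name
    lines = [f"ip access-list extended {name}"]
    lines += [f" {action} ip {_ios_addr(src)} {_ios_addr(dst)}"
              for action, src, dst in build_rules(vlan_id)]
    lines += [f"interface Vlan{vlan_id}", f" ip access-group {name} in"]
    return lines


def verdict(vlan_id, src_ip, dst_ip):
    """First matching rule wins; no match hits the implicit deny."""
    src_ip = ipaddress.ip_address(src_ip)
    dst_ip = ipaddress.ip_address(dst_ip)
    for action, src, dst in build_rules(vlan_id):
        if src_ip in src and dst_ip in dst:
            return action
    return "deny"


if __name__ == "__main__":
    for vlan in DEPARTMENTS:
        print("\n".join(ios_config(vlan)))
    # Constructed sample flows: (ingress VLAN, source, destination)
    for flow in [(10, "192.168.10.5", "192.168.20.7"),
                 (10, "192.168.10.5", "192.168.99.10"),
                 (10, "192.168.20.7", "203.0.113.9")]:
        print(flow, "->", verdict(*flow))
```

The final permit also covers any internal subnet that is not listed in DEPARTMENTS, so a new department has to be added to the plan before its SVI goes live. In this model a DHCP discover (source 0.0.0.0) falls to the implicit deny, so a DHCP permit may be needed ahead of these entries depending on where DHCP is served.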
Similar Messages
-
PBR using dual ISP and single LAN subnet
Hello,
I have 2 ISP connections on the Cisco router 29121 i.e. Leased Line and PPPoe and single LAN subnet
I want to use PBR.
I want to allow ip traffic destined for 1.1.1.1,2.2.2.2,3.3.3.3 ( Fictitious IP) to go through Lease Line
and all other traffic through PPPoe
Please help me to achieve this.
Thanks in advance.
WoW Great Thanks cadet alain
It is working as desired.
This is my current config. I just want your help for one last thing
If leased line goes down, I want to direct the user to PPPoe
However, if PPPoe, the users should NOT BE directed to leased line
int gi0/0
description << Leased Line >>
ip address 100.100.100.101 255.255.255.252
ip nat outside
no shut
int gi0/2
description << LAN Subnet>>
ip address 10.1.50.1
ip nat inside
ip policy route-map lease
no shut
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in max-reassemblies 512
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname XXXXXXXXXXXXXXX
ppp chap password 0 9860
ppp pap sent-username XXXXXXXXXXXXXXX password 0 9860
no cdp enable
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no shut
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
access-list 100 permit ip 10.1.50.0 0.0.0.255
route-map lease permit 10
match ip address 100
match interface gi0/0
route-map pppoe permit 10
match ip address 100
match interface dialer 0
ip nat inside source route-map lease interface gi0/0 overload
ip nat inside source route-map pppoe interface dialer 0 overload
access-list 101 permit ip 10.1.50.0 0.0.0.255 host 1.1.1.1
access-list 101 permit ip 10.1.50.0 0.0.0.255 host 4.2.2.2
route-map PBR permit 10
match ip address 101
set ip next-hop 100.100.100.102
ip route 0.0.0.0 0.0.0.0 dialer0
ip route 0.0.0.0 0.0.0.0 100.100.100.102
-
RV130 router : Unable to modify LAN subnet mask
Hi every one,
I'm using a cisco router RV130, which runs the latest firmware (1.0.1.3), and when
I set an IP address to the LAN interface, I can't choose the subnet mask greater than /24.
The scrolling list proposes only these values :
255.255.255.0
255.255.255.128
255.255.255. .. and so on to 255.255.255.252
The issue is that the customer's lan address is 172.17.0.0/16 (255.255.0.0)
Any clue ?
Thierry
Please see the attached Word Document for how to create a case online. Please make sure your CCOID is associated with the Product and/or the contract. This will prevent any issue when creating a case. If there is an issue with the association, the 1-866-606-1866 number will put you in touch with the people to assist in the association to your CCOID. Hope this helps.
-
Need to create contiguous subnet using 2 rv120w gateways
Hi,
I have been tasked to create a Voip system using Cisco UC320 to serve one main and one auxiliary office. I think there is no way to use the UC320 as a VOIP gateway on multiple subnets so I need to create contiguous IP space between the two branches. I was able to create site-to-site VPN using the RV120W firewalls but I have two subnets 192.168.1.1 and 192.168.2.1 and the IP phones in the auxiliary office do not register. Any ideas how this can be achieved?
Thanks!!
Dear Svetoslav,
Thank you for reaching the Small Business Support Community.
It's been several days since you posted your inquiry with no answer from the community members yet, I therefore suggest you to inquire about this in the Small Business Voice and Conferencing support group;
https://supportforums.cisco.com/community/netpro/small-business/voiceandconferencing
Just in case notice you may request from others support channel available;
https://supportforums.cisco.com/community/netpro/small-business/sbcountrysupport
Please do not hesitate to reach me back if there is any further assistance I may help you with.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so other will know when an answer has been found. -
VMW Fusion 4.1 breaks 1 host LAN subnet
Testing VMware Fusion 4.1 on '09 MacBook Pro Lion 10.7.2 to run a Lion 10.7.2 guest for testing. When Fusion is running, regardless of VM on, suspended or stopped, it sometimes has (not yet consistently reproducible) killed Exchange mail in the host (mail.app or MS 02k11) and kills any new access to one particular local subnet (yet all other LAN and WAN subnets are fine) from host wired ethernet LAN (guest VM running bridged, wifi, totally separate / firewalled from host wired LAN). Quit Fusion and, bam, all works again. Repeatable back & forth, and after reboot with nothing else running. Can't even ping subnet on router. Even stranger: if shared server volumes from affected subnet are mounted in host before starting Fusion they stay mounted and fully accessible for read/write yet their whole subnet can no longer be pinged, no new connection to server from host can be established.
Tried changing lots of network settings in host, Fusion and guest VM, seems to make no difference: The simple act of starting Fusion.app breaks host access to just the 1 local subnet. Quitting Fusion.app restores it.
Anyone got any ideas what causes this, maybe something simple I've overlooked? TIA.
Sorry to hear that.
But Apple have probably broken it when they added the MobileMe and modified the Wide-Area Bonjour code.
However, I can report that Back-to-My-Mac does work on the AEBS. If you are already a MM subscriber, you can use that to get back to the AirDisk. -
Creating a subnet via ethernet
Very technical question here:
I have a MBP and a NAS server which runs Windows xp pro (for certain reasons)...
anyways, I have both computers using their respective wireless cards for the internet... both have gigabit connections so I looked into connecting the both of them at home to back up the mac apps / music etc to my desktop via Ethernet..
Is it possible to have the apple maintain its wireless connection and connect to the server via a subnet or something using the Ethernet?
This would be a life saver.. think of it as 2 internet solutions working at the same time using different protocols.
You will need to run a DHCP server on either the MBP or server. Alternatively you can use static IP addresses. From the question it looks like the MBP and server are both still able to access the external network via the wireless router, as opposed to, say, the MBP's packets being routed through the server then to the router. In this case, you need to ensure that the default gateway is via the wireless interface. You can use the route command, via Terminal, to get the right routing / forwarding table.
-
I have a tunnel created and I need to NAT the local network 192.168.1.0/24 to 172.31.196.0/24 to the destination IP, let's say (2.2.2.2)
code version is 821
name 2.2.2.2 External_IP
name 172.31.196.0 Local_xlated
I thought the statement would look like nat (inside,outside) inside-network Local_xlated static destination External_IP
eluciasa(config)# packet-tracer input inside tcp 192.168.1.6 53 8.8.8.8 53
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (inside,outside) MC_Local_xlated access-list L2LVPN-POLICYNAT
match ip inside 192.168.1.0 255.255.255.0 outside host External_IP
static translation to MC_Local_xlated
translate_hits = 0, untranslate_hits = 0
Additional Information:
Phase: 6
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any outside any
dynamic translation to pool 1 (External_IP [Interface PAT])
translate_hits = 24686918, untranslate_hits = 1904674
Additional Information:
Dynamic translate EluciMX01/53 to External_IP/356 using netmask 255.255.255.255
Phase: 7
Type: HOST-LIMIT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 32668832, packet dispatched to next module
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
eluciasa(config)# -
I'm planning to use RVS 4000 in 10 of my branch offices.
The current IP's of those branch offices are 10.12.0.0/16 (255.255.0.0)
When trying to configure the RVS4000 LAN IP I only have a drop down for selecting the mask and the largest one is 255.255.255.0, is there any way of using larger mask then that?
Thanks!
The LAN configuration of RVS4000 is limited to a Class C network. That said, RVS4000 does support multiple VLANs, each of which is a Class C network.
-
Problem Creating LAN - X130E & Desktop PC - Win7 64 Pro and WinXP 32 Pro
Purchased a Cat 5e Crossover and read several how-to guides online but no success. Spoke with a computer tech who told me he could try working on it for a couple hours but could not promise anything. I want to transfer files between the two. Should I try a fresh format on the two offline? Any suggestions or insight duly appreciated.
ewaller wrote: The only thing I can think of has to do with the way that Windows does network discovery. They have the notion of a domain controller. As to who is the controller is subject to negotiation; In general, the machine running the newer OS wins. This is mostly of importance to SAMBA, but I wonder if it may be impacting other things as well. Perhaps the XP has given some of its authority over to the Win 7 box.
Maybe it is an authority problem, but how to investigate it in XP is beyond me. I really tried everything I could think of and find, spent countless hours on this, nothing worked. My Arch strangely, only has access to imap and ics calendars, still no http, https... access for almost a week.
Short summary of problem: Arch Laptop was networked with XP machine through simple network cable and received Internet over XP's ICS. After Win7 is installed beside Arch on same laptop and networked to XP machine, Arch can not receive Internet anymore through XP's ICS.
Now Win7 can network and receives Internet from XP's ICS, Arch on same laptop can network but can't receive Internet from XP's ICS. No firewalls present on Arch and XP.
Does anyone have an idea or suggestion how to investigate this, cause I'm totally clueless now? -
RV110W: How to create subnet?
This is my lan configuration:
RV110W router connects to the internet (PPOE) through WAN
Unmanaged switch #1 connects to lan port of RV110W
6 machines connect to the switch directly
I want to isolate 2 machines from the rest of the other machines without additional hardware. These machines should not be able to access the RV110 configuration web interface. I heard this is possible by creating a subnet. How would I do that on the RV110w?
Here is the router configuration page demo:
https://www.cisco.com/web/sbtg/gui_mockups/RV110W/default.asp.htm
Are these the correct steps (no additional hardware or cabling):
1) Create another VLAN #2
2) Change both VLAN #1 and VLAN #2 to tagged on Port #1 (exclude the other ports)
3) Goto "LAN Configuration" and put the local IP as 192.168.2.1 for VLAN #2 and then change the subnet mask to 255.255.255.128?
Hi, My name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center. Thank you for using the Cisco Community Post Forums.
That should get you started in the right direction. Also remember to go to the Networking - Routing tab and make sure that Inter-Vlan Routing is disabled if you do not want the two vlans to be able to talk to each other.
Thanks
Eric Moyers .:|:.:|:.
Cisco Small Business US STAC Advanced Support Engineer
Wireless Subject Matter Expert
CCNA, CCNA-Wireless
*Please rate the Post so other will know when an answer has been found. -
Routing Experts please help with below LAN routing issue with NAT
Hello Experts,
I have a weird situation and requirement.
The existing setup is -
We have email/ticketing server hosted in the LAN which is reachable on the publicly NAT'ed IP with respective port numbers of 89 & 443. We have LAN & servers on the same subnet. The internet is with public DHCP IP assigned by ISP (/29). We use linksys router GUI for NAT settings (attached). We are using the same public IP for the server NAT & user NAT.
We tried to refresh our network by separating the subnets for LAN users & servers. We used the Cisco 3845 router to create sub-interfaces in the LAN and configure respective subnets. Now both user subnet and server subnet are connecting to the Internet with same public IP (static NAT for servers & dynamic for users). We can connect to the server IP from the Internet and it resolves fine. However user LAN subnet cannot connect to the server if we try the URL. Users can access the Internet fine.
Please find attached short diagram and below configuration and please give your inputs to solve this.
Cisco 3845 router
access-list 1 permit 10.155.60.0 0.0.0.255
access-list 2 permit 10.155.61.0 0.0.0.255
access-list 3 permit 10.155.62.0 0.0.0.255
ip nat inside source list 1 int g0/0 overload
ip nat inside source list 2 int g0/0 overload
ip nat inside source list 3 int g0/0 overload
int g0/0
ip add 8.8.8.8 255.255.255.248
ip nat outside
no shut
int g0/1
description Trunk-to-Switch
no shut
int g0/1.60
description User vlan
ip add 10.155.60.1 255.255.255.0
encapsulation dot1q 60
ip nat inside
int g0/1.62
description Server vlan
ip add 10.155.62.1 255.255.255.0
encapsulation dot1q 62
ip nat inside
exit
aaa new-model
aaa authentication login default local
aaa authentication login vpn_xauth_ml_1 local
aaa authentication login sslvpn local
aaa authorization network vpn_group_ml_1 local
aaa session-id common
acl 120
max-users 10
exit
!access-list 120 remark ==[Cisco VPN Users]==
access-list 120 permit ip any host 192.168.0.10
access-list 120 permit ip any host 192.168.0.11
access-list 120 permit ip any host 192.168.0.12
access-list 120 permit ip any host 192.168.0.13
access-list 120 permit ip any host 192.168.0.14
access-list 120 permit ip any host 192.168.0.15
access-list 120 permit ip any host 192.168.0.16
access-list 120 permit ip any host 192.168.0.17
access-list 120 permit ip any host 192.168.0.18
access-list 120 permit ip any host 192.168.0.19
no access-list 100
access-list 100 remark [Deny NAT for VPN Clients]=-
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.10
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.11
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.12
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.13
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.14
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.15
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.16
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.17
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.18
access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.19
access-list 100 remark
access-list 100 remark -=[Internet NAT Service]=-
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
exit
ip nat inside source static tcp 10.155.62.55 21 8.8.8.8 21
ip nat inside source static tcp 10.155.62.55 88 8.8.8.8 88
ip nat inside source static udp 10.155.62.55 88 8.8.8.8 88
ip nat inside source static tcp 10.155.62.84 3389 8.8.8.8 3389
ip nat inside source static udp 10.155.62.84 3389 8.8.8.8 3389
ip nat inside source static tcp 10.155.62.98 80 8.8.8.8 80
ip nat inside source static udp 10.155.62.98 80 8.8.8.8 80
ip nat inside source static tcp 10.155.62.98 443 8.8.8.8 443
ip nat inside source static udp 10.155.62.98 443 8.8.8.8 443
ip nat inside source static tcp 10.155.62.98 25 8.8.8.8 25
ip nat inside source static udp 10.155.62.98 25 8.8.8.8 25
ip nat inside source static tcp 10.155.62.84 8080 8.8.8.8 89
ip nat inside source static udp 10.155.62.84 8080 8.8.8.8 89
ip nat inside source static tcp 10.155.62.84 9005 8.8.8.8 9005
ip nat inside source static udp 10.155.62.84 9005 8.8.8.8 9005
ip nat inside source static tcp 10.155.62.84 135 8.8.8.8 135
ip nat inside source static udp 10.155.62.84 135 8.8.8.8 135
ip nat inside source static tcp 10.155.62.84 139 8.8.8.8 139
ip nat inside source static udp 10.155.62.84 139 8.8.8.8 139
ip nat inside source static tcp 10.155.62.84 445 8.8.8.8 445
ip nat inside source static udp 10.155.62.84 445 8.8.8.8 445
ip nat inside source static tcp 10.155.62.84 90 8.8.8.8 465
ip nat inside source static udp 10.155.62.84 90 8.8.8.8 465
ip nat inside source static tcp 10.155.62.143 3381 8.8.8.8 3381
ip nat inside source static udp 10.155.62.143 3381 8.8.8.8 3381
ip nat inside source static tcp 10.155.62.46 8081 8.8.8.8 91
ip nat inside source static udp 10.155.62.46 8081 8.8.8.8 91
ip http server
ip http authentication local
no ip http secure-server
ip http path flash:/cme-gui-7.1.0.1
file privilege 0
telephony-service
dn-webedit
time-webedit
transport input ssh
line con 0
line vty 0 15
login local
ntp server ntp.first2know.net
clock timezone gmt 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
ntp update-calendar
ntp master
=========================================================================================================================================
Cisco 3750 Config;
vlan 60
name User
vlan 61
name Voice
vlan 62
name Server
exit
interface g1/0/1
description Trunk-to-Router
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
interface vlan 60
description User Vlan
ip add 10.155.60.2 255.255.255.0
interface vlan 61
description Voice Vlan
ip add 10.155.61.2 255.255.255.0
interface vlan 62
description Server Vlan
ip add 10.155.62.2 255.255.255.0
service dhcp
ip dhcp pool Users
network 10.155.60.0 255.255.255.0
default-router 10.155.60.1
dns-server 4.2.2.2
ip dhcp pool Voice
network 10.155.61.0 255.255.255.0
dns-server 4.2.2.2
exit
ip dhcp excluded-address 10.155.60.1 10.155.60.2 10.155.60.3
ip dhcp excluded-address 10.155.61.1 10.155.61.2
interface range g1/0/2 - 1/0/21
switchport mode access
switchport access vlan 60
switchport access vlan 61
exit
exit
interface range g1/0/22 - 1/0/26
switchport mode access
switchport access vlan 62
exit
Thanks,
Deepak
One more thing I should clarify the route I am putting into the 10.10.1.9 server is
route add 10.1.6.0 mask 255.255.255.0 10.10.1.250 which tells the server to bypass the ASA and go directly to the ISP router.(then i can successfully tracert everything). The big question here is how to make the inside ASA connection 10.10.1.1 to force all traffic to 10.10.1.250.
Thanks in advance. -
Prioritise traffic based on IP subnet
I'm currently using an Avaya IP Office VoIP solution and I want to introduce a Cisco 2600 to replace the WAN units. I've been told that I will need a QOS switch or have two Lan ports on the router to create two subnets (1 for Data & 1 for VoIP).
If I decide to use 2 lan ports instead of installing a QOS switch can someone tell me if this solution is viable and if it is how would I prioritise the traffic based upon the IP subnet.
If you are going to place the phones on a single subnet and connect them to a dedicated router interface with no other devices (PCs, printers etc) you should get away without any QoS because all the data on that subnet will be voice bearer, voice signaling and network management with voice bearer being by far the majority of the traffic. Your greatest concern for voice quality should be aimed at the WAN link. You will need to ensure that you have QoS between sites and this will be dependent on the type of WAN link employed.
-
How to nat subnets before establishing site to site ipsec vpn tunnel?
Hello,
Coming across a requirement which is new to me as I have not done this setup. Details as follows. Hope someone can help.
Requirement: nat existing subnets to 192.168.50.0/24 subnet which is allowed at another firewall.
Existing device: Cisco 5510 where I need to do this NAT.
Existing scenario in short: I have created vlans on asa by creating sub interfaces.
Changes done: added new sub int for 192.168.50.0. Added new object as 192.168.50.0 . Now done with creation of acl where traffic from 192.168.50.0 to remote subnets allowed. In NAT object sections done nating 1 to 1 I.e. existing subnet to 192.168.50.0
Done ipsec vpn setup inc phase 1 & 2.
Now tried to ping remote hosts but not reachable.
Pls advice how to make it work.
I don't have any router next to asa 5510. Asa is in routed mode. Next hop to asa is isp's mux.
Hello. Pls find my answers inline
I first got the picture that the NAT network is 192.168.50.0/24 and some other networks should be NATed to this.
Answer: Thats correct.
Later on it seems that you have configured this to some interface on the ASA?
Answer: Yes as I have defined vlan's on ASA itself. i.e. other subnets too i.e. 10.x series & 192.168.222.x series. I used Ethernet 0/0 as main interface for all LAN networks and have created sub interfaces i.e. vlan's on it. Using 3COM switch down to ASA to terminate those vlan's & distribute to unmanaged switches. Due to port limitations on ASA I have configured vlans on ASA itself. Ethernet 0/2 is my WAN interface i.e. ISP link terminates on Eth 0/2 port.
So are you attempting to NAT some other LAN networks to this single NAT network before the traffic heads to the L2L VPN connection on your ASA?
Answer: Yes thats right. Attempting to NAT multiple networks to single NAT before traffic head to L2L VPN connecting from my ASA 5510 to remote Citrix firewall.
Can you then mention what are the source networks and source interfaces for these networks? What is the destination network at the remote end of the L2L VPN connection?
Answer: Source networks = 10.100.x series & 192.168.222.x series / Destination networks are from 192.168.228.x , 192.168.229.x series. Remote admin wants us to NAT our multiple subnets to single subnet i.e. 192.168.50.0 and then traffic from this subnet is allowed at remote end.
Do you want to just do a NAT Pool of the 192.168.50.0/24 network for all your Internet users OR does the remote end also have to be able to connect to some of your sites hosts/servers?
Answer: Yes just want to NAT LAN subnets to 192.168.50.0/24 for all LAN users. 1 way access. I am going to access remote servers.
The new thing for me is how to NAT multiple subnets. I have existing ipsec vpn's where I have added multiple subnets which is traditional set up for me. This requirement is new to me. -
Hi all,
I am reading the configuration of interVLAN routing on 3750 from cisco @
http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41260-189.html
There are 3 VLAN created on the L3 switch namely
VLAN10 - 10.1.10.0/24 network
VLAN 2 - 10.1.2.0/24 network
VLAN 3 - 10.1.3.0/24 network
But on the show IP route results (see bold red), why does it indicate that 10.0.0.0/24 is subnetted. How is it subnetted ?
10.1.10.0/24, 10.1.2.0/24, 10.1.3.0/24 all belongs to different network are not subnet out from 10.0.0.0/24.
How does the calculation goes ?
Cat3550#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 200.1.1.2 to network 0.0.0.0
200.1.1.0/30 is subnetted, 1 subnets
C 200.1.1.0 is directly connected, FastEthernet0/48
10.0.0.0/24 is subnetted, 3 subnets
C 10.1.10.0 is directly connected, Vlan10
C 10.1.3.0 is directly connected, Vlan3
C 10.1.2.0 is directly connected, Vlan2
S* 0.0.0.0/0 [1/0] via 200.1.1.2
Please advise
Regards,
Noob
Noob
Jon is quite correct that in modern usage we tend to treat network and subnet as almost interchangeable. But technically there is a difference and that difference becomes significant for the kind of question that you are asking. There is no "network" 10.0.0.0/10. 10.0.0.0/10 is a subnet of the class A network 10.0.0.0/8. You are correct that 10.0.0.0/10 can be further subnetted but that does not make 10.0.0.0/10 into a "network".
To go a step further in explaining this perhaps we can think of designing a network for a company that has offices in several cities. We might assign 10.0.0.0/10 as the network for the Chicago office, and 10.64.0.0/10 as the network for the New York office, and 10.128.0.0/10 as the network for the Atlanta office and 10.192.0.0/10 as the network for the Los Angeles office. (Note that while I called them network here they are actually subnets of class A 10.0.0.0/8) Within each city we might further subnet their block of addresses to create multiple subnets for each city.
It might help to think about how Cisco organizes the routing table to support the routing function. When a router receives a packet and needs to make a forwarding decision it searches the routing table looking for the longest match. In functional terms what it is doing is to identify what network the packet belongs to and then to determine whether that network has been subnetted, and if so to which subnet does the packet go. So Cisco organizes the routing table to identify the network on one line and then to identify the subnets on lines below the network line. So in your original post the line in red
10.0.0.0/24 is subnetted, 3 subnets
is telling us about the network and the lines below it are telling us about the subnets that it knows of that network.
It also seems that you are looking at 10.0.0.0/24 as if that were a single piece of information indicating that 10.0.0.0/24 is present in the routing table. That is not what is actually indicated. There are two separate and distinct pieces of information in that.
1) the network is 10.0.0.0 (a class A network)
2) the network is subnetted consistently using a /24 mask
HTH
Rick -
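Rick's explanation above, as an added example that is not part of the original thread: it groups routes under their classful major network and rebuilds the header lines the way the posted show ip route output displays them. The route list is copied from that output; the function names are made up here, and the "variably subnetted" branch goes beyond the uniform-mask case shown in the post.

```python
import ipaddress

# Routes taken from the show ip route output in the question:
# (route code, prefix, rest of the line)
POST_ROUTES = [
    ("C", "200.1.1.0/30", "is directly connected, FastEthernet0/48"),
    ("C", "10.1.10.0/24", "is directly connected, Vlan10"),
    ("C", "10.1.3.0/24", "is directly connected, Vlan3"),
    ("C", "10.1.2.0/24", "is directly connected, Vlan2"),
    ("S*", "0.0.0.0/0", "[1/0] via 200.1.1.2"),
]


def classful_network(addr):
    """Major (class A/B/C) network that an IPv4 address belongs to."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{addr} is class D/E and has no major network")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def render_routes(routes):
    """Return routing-table lines grouped under their major network."""
    groups = {}  # dict keeps first-seen order of the major networks
    for code, prefix, detail in routes:
        net = ipaddress.ip_network(prefix)
        major = classful_network(net.network_address)
        groups.setdefault(major, []).append((code, net, detail))

    lines = []
    for major, entries in groups.items():
        # Only prefixes longer than the classful mask are subnets of it.
        subnets = [e for e in entries if e[1].prefixlen > major.prefixlen]
        masks = sorted({net.prefixlen for _, net, _ in subnets})
        if len(masks) == 1:
            # Two facts on one line: the major network and the common mask.
            lines.append(f"{major.network_address}/{masks[0]} is subnetted, "
                         f"{len(subnets)} subnets")
        elif len(masks) > 1:
            lines.append(f"{major} is variably subnetted, "
                         f"{len(subnets)} subnets, {len(masks)} masks")
        for code, net, detail in entries:
            uniform = net.prefixlen > major.prefixlen and len(masks) == 1
            # The mask is already in the header when it is uniform.
            shown = str(net.network_address) if uniform else str(net)
            lines.append(f"{code:<5}{shown} {detail}")
    return lines


if __name__ == "__main__":
    print("\n".join(render_routes(POST_ROUTES)))
```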
1 modem - 2 routers (chained) - 2 subnets (cross-traffic) - 2 dhcp
My goal is trying to use 1 isp modem, chain 2 linksys routers, creating 2 subnets that pass traffic between them, having each subnet served by its own dhcp. So how I started was by setting up Router 1 (R1) to use address space 192.168.2.0. Straightforward, tested, everything works fine. Then I turned on Router 2 (R2) standalone, connected a PC directly to a LAN port on it and configured it for address space 192.168.1.0. Gave it an WAN address of 192.168.2.2 (from R1). Disconnected PC and connected a LAN port of R1 to the WAN port of R2. I then went back to R1 and added a static route 192.168.1.0/24 -> 192.168.2.2. I then connected the PC to the LAN port of R1 and expected everything to be ok, but, it wasn't. The PC can ping R1 but not R2. If I connect the PC to a LAN port of R2 I can ping both routers. So subnet cross traffic seems to be flowing one way. If I can get that figured out my next question is how to have both dhcp working but restricted to their own subnets. I would think if I can find a way to block cross-traffic on ports 67,68 that would do it. Has anyone done what I'm trying to do? Looking for a little help.
thx
Turned off NAT and SPI firewall on slave and widened the subnet mask.
Now we're getting somewhere.
Here's the output I've been able to obtain:
# ping from machine in the master's 192.168.2.x subnet to slave ip:
[root setup]# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=127 time=2.38 ms
From 192.168.2.1: icmp_seq=2 Redirect Host(New nexthop: 192.168.2.2)
64 bytes from 192.168.1.100: icmp_seq=2 ttl=127 time=1.37 ms
64 bytes from 192.168.1.100: icmp_seq=3 ttl=127 time=0.686 ms
64 bytes from 192.168.1.100: icmp_seq=4 ttl=127 time=0.660 ms
64 bytes from 192.168.1.100: icmp_seq=5 ttl=127 time=0.681 ms
--- 192.168.1.100 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4010ms
rtt min/avg/max/mdev = 0.660/1.156/2.386/0.672 ms
traceroute from master router (192.168.2.x subnet):
traceroute to 192.168.1.100 (192.168.1.100), 30 hops max, 40 byte packets
1 192.168.2.2 (192.168.2.2) 2.735 ms 0.944 ms 0.880 ms
2 192.168.1.100 (192.168.1.100) 1.145 ms 1.241 ms 1.116 ms
Trace complete
--The traceroute also shows that the master router can now find addresses in the slave subnet.
And just for sanity:
# from machine in slave subnet (192.168.1.100):
$ ping 192.168.2.25
Pinging 192.168.2.25 with 32 bytes of data:
Reply from 192.168.2.25: bytes=32 time=1ms TTL=62
Reply from 192.168.2.25: bytes=32 time=1ms TTL=62
Reply from 192.168.2.25: bytes=32 time=1ms TTL=62
Reply from 192.168.2.25: bytes=32 time=1ms TTL=62
Ping statistics for 192.168.2.25:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
STATUS:
SOLVED: Subnets w/cross-traffic.
STILL OPEN: 2 non-interfering DHCP servers.
And thanks for your comments sharkbyte.
Message Edited by greno on 11-01-2006 07:24 PM