We help IT Professionals succeed at work.

Setting Up Two Additional Subnets Using Cisco Catalyst 3550 Switch and 3640 Router

hachemp
hachemp asked
on
800 Views
Last Modified: 2008-08-06
Our original IP range was 192.168.8.x and .9.x.  As we expanded and needed more IP addresses, a consultant used the C3550 to supernet .10.x and .11.x using VLAN 1 and a single ethernet cable plugged into interface 1.  Now we need to repeat that process to create a supernet of .12 - .13, and need .8 through .13 to communicate with each other.  Here are the configs from each device:

Cisco C3550:

!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret xxxxxx
enable password xxxxxxx
!
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
!
interface GigabitEthernet0/4
 switchport mode dynamic desirable
!
interface GigabitEthernet0/5
 switchport mode dynamic desirable
!
interface GigabitEthernet0/6
 switchport mode dynamic desirable
!
interface GigabitEthernet0/7
 switchport mode dynamic desirable
!
interface GigabitEthernet0/8
 switchport mode dynamic desirable
!
interface GigabitEthernet0/9
 switchport mode dynamic desirable
!
interface GigabitEthernet0/10
 switchport mode dynamic desirable
!
interface GigabitEthernet0/11
 switchport mode dynamic desirable
!
interface GigabitEthernet0/12
 switchport mode dynamic desirable
!
interface Vlan1
 ip address 192.168.10.1 255.255.254.0 secondary
 ip address 192.168.8.29 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.8.9
ip route 192.168.9.0 255.255.255.0 192.168.8.5
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
 password xxxxxxxx
 login
line vty 5 15
 password xxxxxxxx
 login
!
end



The 3640 Router:

!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service dhcp
!
hostname x
!
logging rate-limit console 10 except errors
enable secret xxxxxxx
enable password xxxxxxx
!
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
!
!
no ip finger
ip name-server 192.168.8.33
!
call rsvp-sync
cns event-service server
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description Internal LAN
 ip address 192.168.8.5 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 description Email
 ip address 192.168.250.2 255.255.255.252
 no service-module t1 remote-loopback full
!
interface FastEthernet0/1
 description unused
 ip address xxx.xxx.xxx.xxx 17 255.255.255.0
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 description T1 - 1
 ip address xxx.xxx.xxx.xxx 255.255.255.252
 no fair-queue
!
interface FastEthernet1/0
 description Fiber
 ip address xxx.xxx.xxx.xxx 255.255.255.240
 duplex auto
 speed auto
!
interface Serial1/0
 description T1 - 2
 ip address xxx.xxx.xxx.xxx 255.255.255.252
 no fair-queue
!
interface FastEthernet1/1
 description to PIX outside
 ip address xxx.xxx.xxx.xxx 255.255.255.248
 ip nat inside
 speed 100
 full-duplex
!
interface Serial1/1
 no ip address
 shutdown
!
ip default-gateway 192.168.250.1
ip kerberos source-interface any
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
ip route 192.168.9.0 255.255.255.0 192.168.250.1
ip route 192.168.9.0 255.255.255.0 192.168.8.4 250
ip route 192.168.10.0 255.255.254.0 192.168.8.29
ip route xxx.xxx.xxx.xxx 255.255.255.248 xxx.xxx.xxx.xxx
no ip http server
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
 password xxxxxxx
 login
 transport input none
line aux 0
line vty 0 4
 password xxxxxxx
 login
line vty 5 15
 password xxxxxxx
 login
!
ntp clock-period 17180092
ntp server 192.168.8.33 source FastEthernet1/0
end


The router is .8.5 (there is a lot of extra baggage on the router config which I need to carefully clean out), and the switch is .8.29 (and 10.1 as a secondary).  .9.0 is at a colocation where our Exchange server is hosted, and .8.29 is our internet gateway.  Upon looking at the switch config, I see that VLAN 1 was given an IP on both .8.0 (our original subnet) and .10.0.  I can also see that in the router config, there's a route for .10.0 traffic to point back to the switch at .8.29.  Obviously I can't repeat this (giving VLAN 2 an IP on .8.0 and .12.0) because VLAN subnets cannot overlap.  So I need .12.0 and .13.0 to be routable to .8, 9, 10, and 11 and vice versa.  Can anyone give me some advice?  Exact commands would be fantastic, but I really just need to know what direction I should take to accomplish this.


Thanks!
Comment
Watch Question

Commented:
You could remove the .8.x address from VLAN1, apply it to a loopback interface on that router so its still routeable then just create VLAN 2 with the new address range required.

Do not forget to add a route to your 3640 directing traffic for that subnet to the 3550. Though at this point I'd start considering implementation of a routing protocol as opposed to maintaining static routes.
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Commented:
Actually I take it back ... the quickest solution is to change the subnet mask on the 192.168.10.0 supernet under vlan 1 from 255.255.254.0 to 255.255.252.0.

3550 config:
interface Vlan1
 no ip address 192.168.10.1 255.255.254.0 secondary    <-- covers .10 and .11 subnets
 ip address 192.168.10.1 255.255.252.0 secondary         <-- covers .10 - .13 subnets
!

3640 config:
no ip route 192.168.10.0 255.255.254.0 192.168.8.29
ip route 192.168.10.0 255.255.252.0 192.168.8.29

Commented:
sry... it guess it shows that iam a noob here ... and in my excitement forgot my subnetting ... please ignore my second post ... the 255.255.252.0 subnet would not work since it would conver .8 - .12 subnets .. and not .10 - .13.

But...my first solution still stands :)

Commented:
lol ^

Author

Commented:
vjlp - i tried your first suggestion, and when i static a computer to a .12 address, it works great for anything on the internal network, but i can't seem to connect to the internet.  i'm not sure why that is, because 'ip route 0.0.0.0 0.0.0.0 192.168.8.9' on the switch should direct that traffic to our gateway.  when i run a tracert to google.com, it dies at 8.29.  do you have any suggestions?

thanks to both of you, i really appreciate it

Author

Commented:
i forgot to mention that i am getting dns resolution for outside address, just can't connect to them or ping them.  thx

Author

Commented:
Sorry, my mistake :)  I forgot to add a static route for .12 back to 8.29 on the 8.9 firewall.  everything seems to be working good.  thanks a lot.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.