Need to add an additional subnet
We are currently using subnet 192.168.0.X and will soon be adding more devices. At that point we will run out of IP addresses. I want to add subnet 192.168.1.X. We are using a Cisco ASA5510 (as our firewall/default gateway, ip address 192.168.0.1) and a Cisco switch stack. I have added another scope to our DHCP server (192.168.1.X) and created a Superscope with both the existing scope and the new scope. I configured an additional interface on the ASA5510 and connected it to our switch stack, although I'm not sure if that was necessary. I also created another subnet in Active Directory Sites and Services (the orignal subnet wasn't listed, so I added that as well). I can create a reservation on the new scope and use an ip address from it, but that computer cannot see any network resources or access the internet. I know I am missing something (maybe at the switch?), but I'm not sure what. Help!
ASKER
We have three 48 port switches in the stack and one site. We are running out of IP addresses because we use NetMotion to connect our mobile clients and it assigns two IP addresses from the scope - one is a virtual IP and the other is a Point of Presence IP. We have close to 100 mobile clients, so we are using almost 200 IP addresses just for them. I can ping the 192.168.1.1 gateway from the client with the reservation.
Ok, can you add a second client to the 192.168.1.x subnet to be sure intra subnet traffic works?
I think we need to check and be sure there is a rule on the ASA allowing the traffic between the two subnets after we ensure that local is working first.
I think we need to check and be sure there is a rule on the ASA allowing the traffic between the two subnets after we ensure that local is working first.
ASKER
I added a second client on the 192.168.1.x subnet and both clients can ping each other.
Good, can you see if you have any policies that allow traffic between the two...
Example
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
Example
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
Hi there.
Clients in the 192.168.1 network get the ip correctly from the DHCP server and can't talk with the computers in the 192.168.0 network, or do they have problems with getting a correct IP?
For troubleshooting, perform these steps:
1. Assign manually an IP in the 192.168.1 network, and see if things work. If they don't, tell us how far the connectivity goes. (Can it ping the ASA interface in the 192.168.0 network?)
2. Connect 2 hosts in the 192.168.1 network. Let them get IP through DHCP. Can they ping each other? Can they ping ASA's interface in their network? Can they ping ASA's interface in the other network?
Please update us with these information, to see if it's a routing problem, a DHCP problem, or maybe a problem with the DHCP relay client.
Clients in the 192.168.1 network get the ip correctly from the DHCP server and can't talk with the computers in the 192.168.0 network, or do they have problems with getting a correct IP?
For troubleshooting, perform these steps:
1. Assign manually an IP in the 192.168.1 network, and see if things work. If they don't, tell us how far the connectivity goes. (Can it ping the ASA interface in the 192.168.0 network?)
2. Connect 2 hosts in the 192.168.1 network. Let them get IP through DHCP. Can they ping each other? Can they ping ASA's interface in their network? Can they ping ASA's interface in the other network?
Please update us with these information, to see if it's a routing problem, a DHCP problem, or maybe a problem with the DHCP relay client.
ASKER
I have spoken to Cisco about this problem. Apparently, it is a switch stack problem. According to Cisco, I need to create an additional VLAN and enable IP routing on my switch stack. Currently, all ports are in one VLAN. They tell me that I have to create a second VLAN and include the ports that are to be on the new subnet. This will be problematic, since I am not sure what is connected to each port. I thought this would be a much easier task than it has turned out to be. I should know better!
That is ok, you can get it sorted if you want.
show mac-address-table
sh arp
Between the two you can map who is connected to what switchport.
I'd suggest you put all of your ports in the same VLAN and then begin splitting the VLAN if you want to implement the VLAN.
Have you considered using a Class B subnet mask 255.255.0.0?
show mac-address-table
sh arp
Between the two you can map who is connected to what switchport.
I'd suggest you put all of your ports in the same VLAN and then begin splitting the VLAN if you want to implement the VLAN.
Have you considered using a Class B subnet mask 255.255.0.0?
ASKER
I have considered changing the subnet mask. Are there any issues with doing that?
Not really. Until all existing clients update they will think the old mask is still valid and will not be able to talk to new client in the extended range. Depending on your DHCP lease and how many Static systems you have to update it could be a very quick shift.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You have a single switch stack with more than 254 ports ( All located at the same site)?
For the second subnet you added 192.168.1.x.
Can the client who gets the reservation ping the gateway on the ASA5510 (192.168.1.1)?