Assistance Configuring Cisco 3560 Out of the Box needed

I have a Cisco 3560 Switch I am trying to configure out of the box for a Branch location that is connected via a Hardware VPN/Firewall.

The firewall is assigned  The Switch is assigned  This network is the default VLAN1 (management).

I would now like to create a VLAN2 (for workstations) with the IP Address: but when I do so I get an IP Overlap error.  I am trying to break down my Class B into Class C's.

What am I doing wrong?

You can't add a VLAN inside that network range.

You have to either change VLAN1 to be a smaller network range, or put VLAN2 outside that network range.

Since you said you want to break down your /16 into /24s, it would make sense to take that approach.
If you cannot change the upper 2 subnet masks, you will need to use an IP outside of that first range, which TimWinders shows.  If you change the second octet to anything other than 30 you can use the /24 mask on the new range.  Otherwise his suggestion to change the /16 masks to /24s is the best way.

If you can't do that consider the 10.31.10.X/24 range etc.


This is kind of out of my area... are you suggesting:
I am trying to keep everything in the branch office associated with a 10.30.x.x network if possible.
Those two networks would work, no problem.  But, if you are doing this remotely, make sure you can maintain connectivity to the switch if you change the VLAN1 network range.  If you change the range in the wrong order, you'll lose access to the switch.
The firewall network would have to become and the switch would which is the same network, as it is in the currently configured IP just reducing the total number of IPs used out of the block.  That way VLAN 2 could then become the 10.30.10.X/24 network which is now a different network, instead of a subset of the 10.30.X.X/16 network
Couldn't he just set up NAT and use one of his public IP addresses as a gateway? That way he can create a class C network.
In this case, that wouldn't work, Paktusjet.  He wants to create both networks (VLANs) on the same device.  You can't have overlapping IP address space on the same device, thus his original question.
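The overlap rule discussed in this thread can be checked before touching the switch. The following is an added example, not code from any poster: it tests a proposed addressing plan for overlapping VLAN interfaces and confirms that VLAN1 and the firewall still sit in the same network after a mask change. The host addresses (10.30.1.1 for the firewall, 10.30.1.2 for the switch, .1 for VLAN2) are constructed, since the thread's actual addresses are not shown; only the 10.30.x.x/16, 10.30.10.x/24 and 10.31.10.x/24 ranges come from the thread.

```python
import ipaddress
from itertools import combinations

def find_overlaps(svis):
    """Return (name_a, name_b, net_a, net_b) for each pair of interface networks that overlap."""
    nets = {name: ipaddress.ip_interface(addr).network for name, addr in svis.items()}
    return [(a, b, str(nets[a]), str(nets[b]))
            for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]

def same_subnet(addr_a, addr_b):
    """True when both ip/prefix addresses resolve to the identical network (same base, same mask)."""
    return (ipaddress.ip_interface(addr_a).network
            == ipaddress.ip_interface(addr_b).network)

def check_plan(svis, gateway):
    """List problems in a plan: overlapping interfaces, or Vlan1 and the gateway in different networks."""
    problems = [f"{a} {na} overlaps {b} {nb}" for a, b, na, nb in find_overlaps(svis)]
    if not same_subnet(svis["Vlan1"], gateway):
        problems.append(f"Vlan1 {svis['Vlan1']} and gateway {gateway} are not in the same network")
    return problems

# Constructed host addresses (assumptions); ranges are the ones named in the thread.
ORIGINAL = {"Vlan1": "10.30.1.2/16", "Vlan2": "10.30.10.1/24"}   # VLAN2 inside VLAN1's /16
SHRINK_VLAN1 = {"Vlan1": "10.30.1.2/24", "Vlan2": "10.30.10.1/24"}  # both as /24s
OUTSIDE_RANGE = {"Vlan1": "10.30.1.2/16", "Vlan2": "10.31.10.1/24"}  # VLAN2 outside the /16

if __name__ == "__main__":
    cases = [
        ("original", ORIGINAL, "10.30.1.1/16"),
        ("shrink VLAN1 to /24", SHRINK_VLAN1, "10.30.1.1/24"),
        ("VLAN2 outside the /16", OUTSIDE_RANGE, "10.30.1.1/16"),
        # Switch re-masked but firewall left at /16: the two ends disagree on the network.
        ("switch changed, firewall not", SHRINK_VLAN1, "10.30.1.1/16"),
    ]
    for label, svis, gateway in cases:
        problems = check_plan(svis, gateway)
        print(f"{label}: {'OK' if not problems else '; '.join(problems)}")
```
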

