Assistance Configuring Cisco 3560 Out of the Box needed

ohmErnie
ohmErnie used Ask the Experts™
on
I have a Cisco 3560 Switch I am trying to configure out of the box for Branch location that is connected via a Hardware VPN/Firewall.  

The firewall is assigned 10.30.0.1/16.  The Switch is assigned 10.30.0.2/16.  This network is the default VLAN1 (management).

I would now like to create a VLAN2 (for workstations) with the IP Address: 10.30.10.1/24 but when I do so I get an IP Overlap error.  I am trying to breakdown my Class B, into Class C's.

What am I doing wrong?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
10.30.0.1/16 included the entire network range:

10.30.0.0 - 10.30.255.254

You can't add a VLAN inside that network range.

You have to either change VLAN1 to be a smaller network range, or put VLAN2 outside that network range.

Since you said you want to break down your /16 into /24s, it would make sense to take that approach.
IF you can not change the upper 2 subnet masks, you will need to use an IP outside of that first range, which TimWinders shows.  If you change the second octet to any thing other then 30 you can use the /24 mask on the new range.  Otherwise his suggestion to change the /16 masks to /24s is the best way.

If you can't do that consider the 10.31.10.X/24 range etc.

Author

Commented:
This is kind of out my area...are you suggesting:
10.30.0.1/24
and
10.30.10.1/24
I am trying to keep everything in the branch office associated with a 10.30.x.x network if possible.
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

Those two networks would work, no problem.  But, if you are doing this remotely, make sure you can maintain connectivity to the switch if you change the VLAN1 network range.  If you change the range in the wrong order, you'll lose access to the switch.
The firewall network would have to become 10.30.0.1/24 and the switch would 10.30.0.2/24 which is the same network, as it is in the currently configured IP just reducing the total number of IPs used out of the block.  That way VLAN 2 could then become the 10.30.10.X/24 network which is now a different network, instead of a subset of the 10.30.X.X/16 network
Couldn't he just setup NAT and use one of his public IP address as a gateway. That way he can create his a class C network.
In this case, that wouldn't work, Paktusjet.  He wants to create both networks (VLANs) on the same device.  You can't have overlapping IP address space on the same device, thus his original question.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial