Solved

Secondary address range

Posted on 2012-03-26
Last Modified: 2012-05-12
Hello

The network I've inherited has the following:

interface Vlan7
 ip address 192.168.125.10 255.255.255.0 secondary
 ip address 192.168.7.13 255.255.255.0
 ip route-cache same-interface


My question is: Even though they are non-contiguous, from a routing view aren't they within the same subnet, and therefore don't necessarily need a router to communicate between devices, one using .7 and the other using .125?
Question by:s_coad5
 
LVL 11

Assisted Solution

by:gmbaxter
gmbaxter earned 167 total points
ID: 37765926
They are separate class C networks:

192.168.125.10/24
192.168.7.13/24

If they were sub-netted with /16, they would then be within the same network.
 

Author Comment

by:s_coad5
ID: 37766045
Hmm

VLANs are logical subnets, so two separate IP ranges under 1 logical subnet seems confusing. The switches only have Vlan 7 on trunks, but the .125 network is up and running.

It wasn't until the default gateway was admin downed that we noticed that we could not ping between the 2 ranges.

Seems odd!
 

Author Comment

by:s_coad5
ID: 37766991
Servers on the .7 network cannot ping servers on the .125 network. Since both are on the same VLAN, it's not like I can add the 125 VLAN to the trunk. I imagine I will need to break up Vlan 7 and create a new Vlan 125, then add Vlan 125 to the trunks.
 

Author Comment

by:s_coad5
ID: 37766999
Is there a way to add a static in order for this communication between .7 and .125 to work in the meantime?
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 333 total points
ID: 37767927
1. The only way the two ranges can communicate is by having a real LAN Router to route between them.  As far as the Server itself,...they are both on the same Nic,...so hitting the server on one IP is the same as hitting it on the other IP,...they both "ARP" back to the same MAC,...and in reality,...it is the MAC that machines actually communicate over,..not the IP#.

2. Fundamentally,...what you have,...from the beginning,...is just plain "BAD".   You need to find out why this was done in the first place and then find a more proper way to deal with the situation (whatever in the world that situation was) so that you no longer have this kind of network setup.   You need to get rid of it so that you have a normal IP Config,...that is ultimately the proper solution to the whole situation.
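The point made in the two answers above (two separate /24 networks on one VLAN, reachable from each other only through a router), worked as an added example that is not part of the original thread. The interface stanza is the one posted in the question; the host addresses and the function names `svi_interfaces` and `next_hop` are constructed for illustration.

```python
import ipaddress

# Interface stanza as posted in the question (Vlan7 with a secondary address).
SVI_CONFIG = """\
interface Vlan7
 ip address 192.168.125.10 255.255.255.0 secondary
 ip address 192.168.7.13 255.255.255.0
"""

def svi_interfaces(config):
    """Return the IPv4 interfaces (address + mask) configured on the SVI."""
    found = []
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["ip", "address"] and len(words) >= 4:
            found.append(ipaddress.ip_interface(f"{words[2]}/{words[3]}"))
    return found

def next_hop(src, dst, svi):
    """What a host configured as `src` (addr/mask) does with a packet to `dst`.

    Returns "on-link" when the host ARPs for dst directly, the SVI address
    it must use as gateway when dst is outside its subnet, or None when the
    SVI has no (reachable) address inside the host's subnet.
    """
    src_if = ipaddress.ip_interface(src)
    if ipaddress.ip_address(dst) in src_if.network:
        return "on-link"
    for gw in svi:
        if gw.ip in src_if.network:
            return str(gw.ip)
    return None

if __name__ == "__main__":
    svi = svi_interfaces(SVI_CONFIG)
    # Host addresses below are constructed sample values.
    print(next_hop("192.168.7.50/24", "192.168.125.60", svi))   # via .7 gateway
    print(next_hop("192.168.125.60/24", "192.168.7.50", svi))   # via .125 gateway
    print(next_hop("192.168.7.50/16", "192.168.125.60", svi))   # same /16: on-link
    print(next_hop("192.168.7.50/24", "192.168.125.60", []))    # gateway down
```

With /24 masks each host sends cross-range traffic to the SVI address in its own subnet even though both ranges share one broadcast domain, which is why the pings stopped once the gateway was shut down.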
 

Author Comment

by:s_coad5
ID: 37768094
I agree it is "Bad". So, the only way to rectify this is to remove the secondary IP off current Vlan 7 and then create new Vlan 125, making sure this new VLAN is trunked etc...?
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 333 total points
ID: 37768327
I agree it is "Bad". So, the only way to rectify this is to remove the secondary ip off current vlan 7 and then create new vlan 125 making sure this new vlan is trunked etc...?

I can't really answer that.  You have to find out why someone did it that way in the first place,...and then change the circumstances of the environment so that doing such a thing is no longer required.  You can't just get rid of it without knowing what you might break if you did so.
 

Accepted Solution

by:s_coad5
s_coad5 earned 0 total points
ID: 37771841
Ok

After some investigation, I contacted designers of this network. They stated the following:

"The secondary IP address was configured because of how the network was configured "before" the Cisco switches were installed.
Prior to the Cisco switch installation there was a single logical and physical network segment with devices in either the 192.168.125.0 "OR" the 192.168.7.0 subnets.
 
The AT&T router at Data Center was actually configured with the multiple secondary IP Subnets. After discovering this, we added the Secondary interface on the “DataCenter_3750G-Internet” switch.


The reason the “DataCenter_3750G-Internet” switch has Secondary IP Address included is because:

Prior to our engagement, additional IP address space was needed and the existing switch infrastructure was not able to be configured with multiple VLANs.
During the night of the installation, with the time available, we could not identify every end-device with a 192.168.125.X IP address down to the switchport level, create a new VLAN and assign all of the end-devices to the new VLAN.

The secondary IP address was configured on the switch to hopefully achieve higher throughput than low end AT&T router"

Based on this, would it be ok to remove the .125 range and create a new vlan for it?
 

Author Closing Comment

by:s_coad5
ID: 37959974
thanx
