Solved

setting up multiple vlans on a subneted address range

Posted on 2013-01-15
4
300 Views
Last Modified: 2013-01-18
Ok so i feel like im looking at this in the wrong way. we have a 6509 which operates at layer two and three. i have an address lets say X.X.38.0 255.255.255.240 and i call this vlan "vlan 38 lets say i have used the first 14 addresses on the first network and i want to use the second network from .17-.30 how would implement a vlan for my second network if i have already used vlan 38.  Im assuming that the ip is associated with the vlan number because that how i have always created them, but we are growing fast and i want to be more practical on how i use our IPs. I have a feeling vlan and IP are not related but i just want to check...

the more detail the better thanks guys :-)
0
Comment
Question by:mattlast
  • 2
  • 2
4 Comments
 
LVL 24

Expert Comment

by:Ken Boone
ID: 38780824
So from a switch configuration perspective the vlan and ip address have no correlation what so ever. There is a valid range of numbers to use for a vlan ID and a valid range of IP addressess you use.

The vlan is strictly layer 2.  So if you have vlan 38 which is a layer 2 vlan, you probably have a layer 3 interface (SVI) set up on that switch for that vlan  i.e. Interface vlan 38

So vlan 38 is layer 2
interface vlan 38 is layer 3

You put your layer 3 address on the layer 3 interface which ties a specific IP network to that vlan.

So it makes it nice when your numbering schemes sync up if you will from a management persepctive.  So if you mask was a /24 i.e. 255.255.255.0 then it makes sense to maybe match the 3rd octet of the IP numbering scheme to the vlan ID.  This makes it easy for us to recognize what is what.  It is recommended to have some type of plan like this but it is not a necessity.

So in your case you took a /28 block of IP addresses and put it on vlan 38.
The next /28 block of IP addresses will be a different layer 3 network as well as it should be tied to a different layer 2 vlan.  So to make it work you simply need to create another vlan that is unique on your network and assign x.x.38.16/28 to it.  It doesn't matter what the vlan number is for this ip network as long as it is unique.

Is there a reason you are using small subnets?
0
 

Author Comment

by:mattlast
ID: 38780872
We have a small section or third party vendors that need devices in our DMz which all require different routes and restrictions. But thank you for you explanation I feel like I knew this but didn't want to assume because I don't have to do it often.
0
 
LVL 24

Accepted Solution

by:
Ken Boone earned 500 total points
ID: 38780915
Yea that makes sense.  I usually number my vlans to match the 3rd octet.  But I usually use a completely different block of addresses on the DMZ, and assign them to high number vlans that won't match anything else.
0
 

Author Closing Comment

by:mattlast
ID: 38793464
thanks for clearing that up
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now