Solved

Nest a subnet inside another subnet

Posted on 2013-02-05
Last Modified: 2013-03-15
I have a bunch of subnets in a corporate network. All subnets are different physical locations and are interconnected through an IP VPN managed by our ISP. We have one subnet that is running full: 172.26.76.0/24. Instead of supernetting it, which would require me to change subnet mask and change static IPs/netmask on all our equipment at this one location, I'd like to put a router inside the 172.26.76.0/24 net and put a new subnet behind it, e.g. 172.26.77.0/24. I'd then try to route all inside traffic from the 172.26.77.0/24 net to the 172.26.76.0/24 net. However, clients in the 172.26.77.0/24 net also need to access resources in all other corporate subnets (172.26.1-180.0/24). How can this be routed?
Question by:i486dx266

Expert Comment

by:giltjr
ID: 38854642
Um, what you are talking about is standard IP routing.  The only thing I would like to clear up is the " .... corporate subnets (172.26.1-180.0/24) "

This makes it appear as if you have 180 subnets:

172.26.1.0/24
172.26.2.0/24
172.26.3.0/24

and so on up to :

172.26.178.0/24
172.26.179.0/24
172.26.180.0/24

If this is true, then  172.26.77.0/24 is one of the many subnets you have and routing would take place the same way it does now.

What are you confused about?

Author Comment

by:i486dx266
ID: 38854743
That's true, we have about 180 subnets.

One can only have one subnet in one network segment/vLAN. To get two subnets in one vLAN one can supernet it. I do not want to do this as it's too much work.

With our current setup we only have one VPN connection for this site. In order to route two subnets, each in its own vLAN/LAN we need two GW ports in the router from our ISP. This is not an option, nor can we route both subnets in one port (can't have 172.26.76.254 as GW on 172.26.77.0/24 subnet)

Expert Comment

by:giltjr
ID: 38854770
What type of device do you have at the site with the 172.26.76.0/24 subnet?

A true router or a L3 switch?
Whose and what model?

--> "... nor can we route both subnets in one port (can't have 172.26.76.254 as GW on 172.26.77.0/24 subnet) "

Depending on the devices you have you can actually do that.

Author Comment

by:i486dx266
ID: 38855146
Hi,

Yes, I know, technically we can do that. However that router is managed by our ISP so we have no access to it. They just assigned an IP to the LAN port of it and placed it in our site. (same for all sites). That's the issue. Of course we can request a change but that's a long process. I just wanted to know if my plan would work, because I could have it running in 2 hrs as opposed to 2 weeks with the ISP changes.

I made a sketch for clarification.

(Btw, our ISP uses cisco 3560 v2 sw as router)
subnets.gif

Accepted Solution

by:
giltjr earned 500 total points
ID: 38855414
What provides the routing for the servers/clients in the box "These are the subnets in question"?  I don't see a L3 device that seems to provide that.

As for the subnets using the "main corp router", I am assuming to get to 172.26.76.0/24 subnet they end up pointing to "ISP GW" router.   In the "main corp router" you would just add a route for 172.26.77.0/24 that looks just like the route for 172.26.76.0/24.

Unfortunately since it looks like your ISP is providing routing for you at some point for 172.26.76.0/24 any ISP box that has a route for that subnet needs to have a route added that says to get to 172.26.77.0/24 go to 172.26.76.250.
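
The route additions described in the accepted answer, traced as an added example (not part of the original thread): a longest-prefix-match lookup over constructed routing tables, showing what happens to traffic for 172.26.77.0/24 when the static route is missing on some or all upstream devices. 172.26.76.250 and 172.26.76.254 come from the thread; the table contents, the `isp-vpn` node and the 172.26.0.0/16 summary route on the ISP gateway are assumptions.

```python
import ipaddress

# Addresses from the thread; "isp-vpn" is a stand-in for the ISP's VPN core.
INNER, ISP_GW, VPN = "172.26.76.250", "172.26.76.254", "isp-vpn"

def routes(*entries):
    """Build a routing table from (prefix, next_hop) pairs."""
    return [(ipaddress.ip_network(p), hop) for p, hop in entries]

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific covering route."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in table if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, max_hops=6):
    """Forward hop by hop from `start`; ends in delivered, no-route or loop."""
    path, device = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[device], dst)
        if hop is None:
            return path + ["no-route"]
        if hop == "connected":
            return path + ["delivered"]
        path.append(hop)
        device = hop
    return path + ["loop"]

def build(vpn_has_77, gw_has_77):
    """Constructed tables; the flags add the 172.26.77.0/24 static routes."""
    gw = [("172.26.76.0/24", "connected"), ("172.26.0.0/16", VPN)]  # /16 assumed
    vpn = [("172.26.76.0/24", ISP_GW), ("172.26.1.0/24", "connected")]
    if gw_has_77:
        gw.append(("172.26.77.0/24", INNER))   # "to get to .77 go to .250"
    if vpn_has_77:
        vpn.append(("172.26.77.0/24", ISP_GW))  # same shape as the .76 route
    inner = [("172.26.77.0/24", "connected"), ("172.26.76.0/24", "connected"),
             ("0.0.0.0/0", ISP_GW)]
    return {INNER: routes(*inner), ISP_GW: routes(*gw), VPN: routes(*vpn)}

if __name__ == "__main__":
    for flags in [(False, False), (True, False), (True, True)]:
        t = build(*flags)
        print(flags, "out:", trace(t, INNER, "172.26.1.10"),
              "back:", trace(t, VPN, "172.26.77.20"))
```

Outbound traffic from the new subnet leaves through the inner router's default route in every case; only the return path depends on the upstream routes, and adding the route in the core but not on the site gateway produces a forwarding loop under the assumed summary route.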