Solved

Nest a subnet inside another subnet

Posted on 2013-02-05
Last Modified: 2013-03-15
I have a bunch of subnets in a corporate network. All subnets are different physical locations and are interconnected through an IP VPN managed by our ISP. We have one subnet that is running full: 172.26.76.0/24. Instead of supernetting it, which would require me to change subnet mask and change static IPs/netmask on all our equipment at this one location, I'd like to put a router inside the 172.26.76.0/24 net and put a new subnet behind it, e.g. 172.26.77.0/24. I'd then try to route all inside traffic from the 172.26.77.0/24 net to the 172.26.76.0/24 net. However, clients in the 172.26.77.0/24 net also need to access resources in all other corporate subnets (172.26.1-180.0/24). How can this be routed?
Question by:i486dx266
5 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 38854642
Um, what you are talking about is standard IP routing.  The only thing I would like to clear up is the " .... corporate subnets (172.26.1-180.0/24) "

This makes it appear as if you have 180 subnets:

172.26.1.0/24
172.26.2.0/24
172.26.3.0/24

and so on up to :

172.26.178.0/24
172.26.179.0/24
172.26.180.0/24

If this is true, then  172.26.77.0/24 is one of the many subnets you have and routing would take place the same way it does now.

What are you confused about?
0
 

Author Comment

by:i486dx266
ID: 38854743
That's true, we have about 180 subnets.

One can only have one subnet in one network segment/vLAN. To get two subnets in one vLAN one can supernet it. I do not want to do this as it's too much work.

With our current setup we only have one VPN connection for this site. In order to route two subnets, each in its own vLAN/LAN, we need two GW ports in the router from our ISP. This is not an option, nor can we route both subnets in one port (can't have 172.26.76.254 as GW on 172.26.77.0/24 subnet)
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38854770
What type of device do you have at the site with the 172.26.76.0/24 subnet?

A true router or a L3 switch?
Whose and what model?

--> "... nor can we route both subnets in one port (can't have 172.26.76.254 as GW on 172.26.77.0/24 subnet) "

Depending on the devices you have you can actually do that.
0
 

Author Comment

by:i486dx266
ID: 38855146
Hi,

Yes, I know, technically we can do that. However, that router is managed by our ISP so we have no access to it. They just assigned an IP to the LAN port of it and placed it in our site (same for all sites). That's the issue. Of course we can request a change but that's a long process. I just wanted to know if my plan would work, because I could have it running in 2 hrs as opposed to 2 weeks with the ISP changes.

I made a sketch for clarification.

(Btw, our ISP uses Cisco 3560 v2 sw as router)
subnets.gif
0
 
LVL 57

Accepted Solution

by:
giltjr earned 1000 total points
ID: 38855414
What provides the routing for the servers/clients in the box "These are the subnets in question"?  I don't see a L3 device that seems to provide that.

As for the subnets using the "main corp router", I am assuming to get to 172.26.76.0/24 subnet they end up pointing to "ISP GW" router.   In the "main corp router" you would just add a route for 172.26.77.0/24 that looks just like the route for 172.26.76.0/24.

Unfortunately, since it looks like your ISP is providing routing for you at some point for 172.26.76.0/24, any ISP box that has a route for that subnet needs to have a route added that says to get to 172.26.77.0/24 go to 172.26.76.250.
0
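An added illustration of the accepted answer (not part of the original thread): a small longest-prefix-match simulation showing that traffic from 172.26.77.0/24 gets out without any ISP change, but replies are dropped until the return routes toward 172.26.76.250 exist. The node names `inner`, `isp_gw` and `vpn`, the 172.26.0.0/16 aggregate on the ISP gateway, and the host addresses are assumptions made for the example.

```python
import ipaddress

def table(*routes):
    """Build a routing table from (prefix, next_hop) pairs."""
    return [(ipaddress.ip_network(p), nh) for p, nh in routes]

def lookup(tbl, dst):
    """Longest-prefix match: return the next hop, or None if no route."""
    hits = [(net, nh) for net, nh in tbl if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start` until delivery, drop, or a loop."""
    dst = ipaddress.ip_address(dst)
    path, node = [start], start
    for _ in range(max_hops):
        nh = lookup(tables[node], dst)
        if nh is None:
            return path + ["dropped"]
        if nh == "local":          # directly connected segment
            return path + ["delivered"]
        path.append(nh)
        node = nh
    return path + ["loop"]

def build(with_return_routes):
    """Constructed topology: inner = new router at 172.26.76.250,
    isp_gw = ISP-managed gateway at 172.26.76.254, vpn = the ISP IP VPN
    (including the main corp router) with one sample remote site."""
    inner = [("172.26.77.0/24", "local"), ("172.26.76.0/24", "local"),
             ("0.0.0.0/0", "isp_gw")]
    isp_gw = [("172.26.76.0/24", "local"), ("172.26.0.0/16", "vpn")]
    vpn = [("172.26.76.0/24", "isp_gw"), ("172.26.1.0/24", "local")]
    if with_return_routes:
        # The routes the answer says must be added on the ISP side.
        isp_gw.append(("172.26.77.0/24", "inner"))
        vpn.append(("172.26.77.0/24", "isp_gw"))
    return {"inner": table(*inner), "isp_gw": table(*isp_gw),
            "vpn": table(*vpn)}

if __name__ == "__main__":
    for fixed in (False, True):
        t = build(fixed)
        print("return routes added:", fixed)
        print("  client -> remote site :", trace(t, "inner", "172.26.1.10"))
        print("  remote site -> client :", trace(t, "vpn", "172.26.77.20"))
        print("  .76 host's GW -> client:", trace(t, "isp_gw", "172.26.77.20"))
```

The third trace covers hosts on 172.26.76.0/24 that keep 172.26.76.254 as their default gateway: their replies to the new subnet also depend on the gateway's route to 172.26.76.250.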
