Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

One Vlan with two /24 subnets

Posted on 2014-02-11
7
Medium Priority
?
280 Views
Last Modified: 2014-02-21
Hi,
I'm working on this project where I'm moving L3 off some Foundry equipment and I noticed that someone configured a few of them to use the same VLAN33 but they both have different subnets.  So, 192.168.11.0 /24 and 192.168.22.0/24.  

When I move L3, I configure the subnet on two 6509-E's because that's how they do it around here.  So.. with two different subnets using the same VLAN33, I'm sort of wishing I'd found out about this a while ago as I need to figure this out in my lab before I write up a plan.  Was wondering if any experts had some suggestions.  

Thanks,
R
0
Comment
Question by:rotarypwr
  • 5
7 Comments
 

Author Comment

by:rotarypwr
ID: 39852379
Was thinking I would just split up the VLAN, one for each subnet, so it would look like this:
Get rid of Vlan 33
Create Vlan 11 and
Vlan 22

Assign the ports to their new VLANs and make sure that those ports remain in the same subnet.  This way I can just add a respective VRRP config for the respective and now separate VLANs and I'll be able to adhere to the standards where I am doing this job. ??
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 39852573
previously on the foundry, same VLAN was using same subnet? Did you check if one of those VLAN/sub-interface/interface was shutdown? Most probably one of those was.

Regarding your plan, that would be the design to pursue. Each subnet is assigned their own VLAN. You won't be able to use the same VLAN for two different subnet, the device wont allow it stating subnet overlaps.

on the 6509, each VLAN is configured with an SVI interface, it is on the SVI where you'll configure the VRRP.

let me know if you have any questions, glad to help out.
0
 
LVL 7

Expert Comment

by:unfragmented
ID: 39852726
@rotarypwr: i think you're on the right track.  If you're in a corporate environment, make sure you communicate your change and do some detailed testing after.  There are some protocols that rely on layer 2 (often broadcasts) that won't work the same with layer 3 separation.  Thinking of things like windows name resolution, multicast heartbeats etc.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Accepted Solution

by:
rotarypwr earned 0 total points
ID: 39863778
OK,

So here's what I ended up doing as I was not permitted to break up the vlans.  I did a little research on VRRP and between the two 6500-E's here's what I did:



int vlan 33
ip address 192.168.11.2 255.255.255.0
ip address 192.168.22.2 255.255.255.0 secondary
desc Switch 1
ip helper-address 192.168.27.5
vrrp 33 ip 169.230.11.1
vrrp 33 ip 169.230.22.1 secondary
vrrp 33 timers advertise 3
vrrp 33 timers learn
no vrrp 33 preempt
vrrp 33 priority 120
no shut

int vlan 33
ip address 192.168.11.3 255.255.255.0
ip address 192.168.22.3 255.255.255.0 secondary
desc Switch 2
ip helper-address 192.168.27.5
vrrp 33 ip 169.230.11.1
vrrp 33 ip 169.230.22.1 secondary
vrrp 33 timers advertise 3
vrrp 33 timers learn
no vrrp 33 preempt
vrrp 33 priority 100
no shut

No problems and it works nicely.

Thanks,
R
0
 

Author Comment

by:rotarypwr
ID: 39863781
just added an edit for security reasons.
0
 

Author Comment

by:rotarypwr
ID: 39863782
none
0
 

Author Closing Comment

by:rotarypwr
ID: 39876316
The solution was not provided but I was able to finally find it on my own entirely.
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question