2 Subnet On One Interface?


DesertWanderer

IS-IT--Management
Nov 29, 2004
3
US
Greetings,

I am taking my 3rd semester in CCNA and am having a problem with my IP range not having enough hosts for my users. I was told by my instructor that I can have two subnets on a single interface using subinterfaces; however, I have not been able to find any info on this.

Brief run down.
I have an IP address with 30 hosts and I have 40 devices to assign an IP to. This segment has three switches that are trunked and have 3 VLANs set. I have not spec'd specific equipment yet. Any help would be greatly appreciated.

Scott
 
Yeah, you can do that, but you would have to trunk that single interface down to a switch and break it out from there. You also have the simple solution of putting a secondary address on the interface, and you can accomplish this without using a subinterface. The subinterface way gives you a little more flexibility if you want to put access lists on the interfaces to control traffic.
 
see this snippet of code:

Router 1
!
interface serial 0
ip address 192.0.0.1 255.255.255.0
ip address 192.0.0.2 255.255.255.0 secondary ! second route on same interface

What we have done is used the secondary command, which allows us to have multiple IP subnets on the same physical interface. This works on serial and ethernet interfaces. I have done this many, many times. It is a good way to migrate to a new IP range with minimal impact to the users. Or, as in this case, add a few more IPs when you come up short.

Mike S


Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
As the previous posts have stated, there are two ways to do this. Secondary interfaces and subinterfaces.

Secondary interface:
wybnormal's post is incorrect. If you add a secondary interface to a router, it must be in a different subnet. So a correct example would be:

interface serial 0
ip address 192.0.0.1 255.255.255.0
ip address 192.0.1.1 255.255.255.0 secondary

This would create both the 192.0.0.0/24 and 192.0.1.0/24 subnets on the physical interface. Then, any host connected to that interface would have either 192.0.0.1 or 192.0.1.1 as the gateway address. The router would then route traffic between the two subnets (even though it is in reality just putting it back on the same wire.)

Subinterfaces
As vipergg stated, the above is the easier way. However, if you wanted to go the subinterface route, here's an example:

interface FastEthernet0/0.1
encapsulation dot1Q 100
ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 200
ip address 10.0.1.1 255.255.255.0
!

Then, that physical interface needs to connect to a switch that is trunking (switchport mode trunk). Now, any host you want in the 10.0.0.0/24 subnet needs to be placed in vlan 100 (the number after the dot1q is the vlan that subinterface is in) and any host you want in the 10.0.1.0/24 subnet needs to be placed in vlan 200.

That approach has certain benefits over secondary interfaces such as access-lists as vipergg mentioned.

Hope that helps.
Bill Watts
 
I greatly appreciate your help, and will apply the changes to my design.

Thanks again
 
Sorry about the mistype on my part :) Bill is correct in pointing out that it must be different subnets.

Subinterfaces can work... each has a strength and weakness. If I recall correctly, the older routers with only 10base interfaces can not do subinterfaces... that was a FastEthernet only feature? I have not thought about this in a long while.

MikeS

 
802.1Q support started in 12.0T. It is available on a 1710, 1751, or any 2600 or 3700 series. So if your lab is full of 2500s (as a lot of labs are) then you may need to stick with secondary addresses.

I believe Mike is correct on needing a FastEthernet interface to do dot1q subinterfaces also. Not sure about ISL. . .
 
Desert, below is an example of a setup I completed with 3 subnets, with DHCP and NAT. The access-list I included prevents the subnets from communicating; if you want communication b/w the subnets, leave the access-list out.

ip dhcp pool x
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
domain-name .com
dns-server x.x.x.x
!
ip dhcp pool y
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
domain-name .com
dns-server x.x.x.x
!
ip dhcp pool z
network 192.168.40.0 255.255.255.0
default-router 192.168.40.1
domain-name .com
dns-server x.x.x.x

interface FastEthernet0/0
ip address x.x.x.x y.y.y.y
no ip redirects
ip nat outside

interface FastEthernet0/1
no ip address
speed 100
full-duplex
!
interface FastEthernet0/1.1
encapsulation dot1Q 2
ip address 192.168.20.1 255.255.255.0
ip access-group 120 in
ip nat inside
!
interface FastEthernet0/1.2
encapsulation dot1Q 3
ip address 192.168.30.1 255.255.255.0
ip access-group 130 in
ip nat inside
!
interface FastEthernet0/1.3
encapsulation dot1Q 4
ip address 192.168.40.1 255.255.255.0
ip access-group 140 in
ip nat inside
!
ip nat inside source list 180 interface FastEthernet0/0 overload

access-list 120 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 120 deny ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255
access-list 120 permit ip any any
access-list 130 deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 130 deny ip 192.168.30.0 0.0.0.255 192.168.40.0 0.0.0.255
access-list 130 permit ip any any
access-list 140 deny ip 192.168.40.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 140 deny ip 192.168.40.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 140 permit ip any any
access-list 180 permit ip 192.168.20.0 0.0.0.255 any
access-list 180 permit ip 192.168.30.0 0.0.0.255 any
access-list 180 permit ip 192.168.40.0 0.0.0.255 any
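
An added example, not part of the thread or anyone's posted config: a small first-match evaluator for ACLs 120, 130 and 140 from the post above, useful for checking which flows the inbound lists on Fa0/1.1 to Fa0/1.3 actually deny. The function names and the sample packets are made up for illustration, and only `ip` entries using `any` or an address with a wildcard mask are handled.

```python
import ipaddress
# ACLs 120/130/140 as posted in the thread; the test packets are constructed.
ACL_TEXT = """
access-list 120 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 120 deny ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255
access-list 120 permit ip any any
access-list 130 deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 130 deny ip 192.168.30.0 0.0.0.255 192.168.40.0 0.0.0.255
access-list 130 permit ip any any
access-list 140 deny ip 192.168.40.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 140 deny ip 192.168.40.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 140 permit ip any any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tokens):
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    return _ip(tok), _ip(tokens.pop(0))  # address, wildcard mask

def parse_acls(text):
    """Map ACL number -> ordered list of (action, src_spec, dst_spec)."""
    acls = {}
    for line in text.splitlines():
        t = line.split()
        if len(t) >= 6 and t[0] == "access-list" and t[3] == "ip":
            rest = t[4:]
            src, dst = _take_addr(rest), _take_addr(rest)
            acls.setdefault(int(t[1]), []).append((t[2], src, dst))
    return acls

def _match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard 1-bits mean "don't care"
    return (addr & care) == (base & care)

def evaluate(acls, number, src, dst):
    """First matching entry wins; a defined ACL ends in an implicit deny."""
    for action, s, d in acls[number]:
        if _match(_ip(src), s) and _match(_ip(dst), d):
            return action
    return "deny"

ACLS = parse_acls(ACL_TEXT)
for dst in ("192.168.30.9", "192.168.40.1", "203.0.113.10"):
    print(dst, evaluate(ACLS, 120, "192.168.20.5", dst))  # inbound on Fa0/1.1
```

Because the deny entries match on the source subnet, a packet arriving on Fa0/1.1 with a source outside 192.168.20.0/24 reaches `permit ip any any`; permitting only the subinterface's own subnet as source closes that.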
 