
Moving from class C to class B on our private network


wowhead

Anyone done this? What's the easiest way to go about this? I was hoping that I could create a new VLAN on our Cisco 3560s (using the same subnet but a different mask) & utilize InterVLAN routing until I could get around to changing all the static numbered hosts. I thought I was being slick & that avoiding a complete renumber

Since the switch won't let me do what I want I'm having to rethink this and so I thought I'd bounce this idea off of you & see what happens next.

;)

 
My first question is...why?

It's not a good idea to have a lot of devices on the same subnet; I prefer <200.

It's better to segment your network into VLANs.
  • Better performance; smaller broadcast domains
  • Easier troubleshooting
  • Enhanced security

MCSE CCNA CCDA
 
You can't overlap the networks, but there is no reason why you couldn't add, say, another /24 subnet to a new VLAN and set up inter-VLAN routing on the switch.
 
As a mentor of mine always asks, what problem are you trying to solve? Are you planning on using /16 subnet masks on your interfaces? That's a gigantic subnet. I can't imagine that's what you're really thinking of doing.

Can you give us some more details?
 
Also, it's a good idea to get rid of classful thinking. There really is no such thing as a Class B or C subnet anymore. Think of them as /16 or /24. It will save you some headaches in the future.
 
The reason I'm doing this is because we have simply outgrown our /24. What I'm looking to accomplish is just changing our mask from C to B. I want more addresses but I want to weigh my options in order to minimize confusion and the work involved. Also, a side benefit that I thought of is that it would be nice to use the 3rd octet to logically organize what kind of hosts they are (i.e. network gear, servers, printers, end users, SCADA, etc.). So, who cares if it's huge, right? Surely having a large subnet available to you is much better than one that is too small to support your system.
 
No, having a single large network is not better.

There are several benefits to using VLANs.

VLAN architecture benefits include:
  • Increased performance
  • Improved manageability
  • Network tuning and simplification of software configurations
  • Physical topology independence
  • Increased security options

MCSE CCNA CCDA
 
I see what you're saying. We do something similar where I work. We use /21 subnets on our LANs, but not because we have a lot of hosts on each LAN. We use them to enhance our numbering scheme exactly in the way you describe. Each /21 has eight /24s within it. In any given /21, one of the /24s is for servers, another is for DHCP clients, another for statically addressed clients, another for printers, or whatever.

Is that what you're talking about?
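Added example, not part of any post in this thread: a short Python check of the two addressing points raised above, that a new VLAN's subnet must not overlap an existing one and that a /21 breaks into eight /24s which can be assigned by role. The existing /24, the 172.16.8.0/21 block and the role names are constructed assumptions; only 172.16.0.2/16 appears in the thread.

```python
import ipaddress

# Constructed sample data: the thread gives only 172.16.0.2/16 for the new
# sub-interface. The existing /24 and the role names are assumptions.
EXISTING = {"native": ipaddress.ip_network("172.16.0.0/24")}
ROLES = ["network-gear", "servers", "dhcp-clients", "static-clients",
         "printers", "scada"]


def find_overlaps(candidate, existing):
    """Return the names of existing VLAN subnets that the candidate overlaps.

    candidate is an interface address such as "172.16.0.2/16"; the check is
    done on the network that address and mask imply.
    """
    net = ipaddress.ip_interface(candidate).network
    return sorted(name for name, other in existing.items()
                  if net.overlaps(other))


def plan_block(block, roles, prefix=24):
    """Split block into /prefix subnets and assign one to each role, in order."""
    subnets = list(ipaddress.ip_network(block).subnets(new_prefix=prefix))
    if len(roles) > len(subnets):
        raise ValueError(
            f"{block} holds {len(subnets)} /{prefix} subnets, need {len(roles)}")
    return dict(zip(roles, subnets))


if __name__ == "__main__":
    # A /16 on the same numbering swallows the existing /24, so it is rejected.
    print("overlaps:", find_overlaps("172.16.0.2/16", EXISTING))
    # A separate /21 does not overlap and yields one /24 per host role.
    print("overlaps:", find_overlaps("172.16.8.1/21", EXISTING))
    for role, net in plan_block("172.16.8.0/21", ROLES).items():
        print(f"{role:15} {net}  gateway {net.network_address + 1}")
```

Keeping one /24 per role also gives each host class its own routed boundary, which is where per-role ACLs (for example around the SCADA subnet) can be applied.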
 
Yeah, that sounds good. I'll have to look at a calculator to see how that breaks our current subnet up. System wide changes freak me out though, something always gets overlooked. Maybe a new VLAN just for our DHCP clients would be best...
 
Renumbering is definitely not something to be taken lightly, especially if you have a lot of devices. It can go well if you plan thoroughly and involve everyone who needs to be involved, but it can also cause some major headaches if you don't plan well.
 
So I've now successfully created the new VLAN on each switch & given each switch a unique IP on that subnet. The switches can ping each other on the new subnet. However, when I try and reconfigure my workstation to communicate on the new subnet I can't ping any of the new addresses on the new subnet.

We just recently did the same thing for a VOIP VLAN/subnet and it works fine, not sure what I missed...
 
You'll need to extend the VLANs to a layer 3 device to route the traffic.

What type (mfr & model) switches are you using?
What type (mfr & model) router/firewall are you using?


MCSE CCNA CCDA
 
I've got 3560s and a 3745 router (Cisco).
 
Yes, trunk those VLANs to the router.
It will handle inter-VLAN routing.


MCSE CCNA CCDA
 
So it seems I'm halfway there. When my workstation is configured to be on the native vlan, I can ping the new addresses on the new VLAN. However, when my workstation is configured to be on the new VLAN, I cannot ping any addresses (native or not). What gives? Ideas?
 
One more thing I forgot to mention is that there is a 4506, w/ CatOS, in front of the router. I thought maybe the traffic wasn't being tagged for the new VLAN but the switches should be injecting that tag, correct?
 
Is the new VLAN configured on all the new switches? Is that VLAN being trunked? It should be unless you've manually disabled it.

Have you configured a layer three interface for that VLAN on your router?

Have you verified that the new IP address info has been configured properly on the hosts that moved to the new VLAN? If you have the subnet mask set incorrectly, you might not even have communication within the VLAN. You will also need to have the default gateway set correctly for communicating outside of the VLAN.
 
If there is a 4506, you should use it as your router instead of the 3745. It will be much faster.

Since it's a 4500 switch it runs IOS not CatOS, so to enable routing just do the following:

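Code:
! Enable layer 3 forwarding on the switch
ip routing
! One SVI per VLAN; each address is the default gateway for that VLAN
interface vlan1
  ip address xxx.xxx.1.1 255.255.255.0
interface vlan2
  ip address xxx.xxx.2.1 255.255.255.0
! Default route: put the IP of your internet router in place of x.x.x.x
ip route 0.0.0.0 0.0.0.0 x.x.x.x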

Point the nodes on the two VLANs to use the switch's appropriate VLAN IP as their default gateways and you are all set.
 
jneiberger:

Everything was previously set up for InterVLAN routing when I did my VOIP deploy previously. All I'm doing now is attempting to add another VLAN to the switches. I'm not sure I'm equipped to answer all your questions but I can attempt to answer some:

The VLANs are configured on all switches, as stated previously I can ping all the VLAN IPs under 2 circumstances (from the switches and when my workstation is configured to use the native vlan).

I created a sub-int on the router for this new VLAN & gave it a unique IP on that subnet (172.16.0.2/16).

As far as the gateway goes, that was one of the first things I double checked because I got hung up on that before when setting up the VLAN & our VOIP system.

baddos:

I assure you, the 4506 is running CatOS.

 
It would be optimal to do your routing on your layer3 4506 than to use sub interfaces on a 3745 router. All you need to do is create VLAN interfaces (SVI) and the layer3 switch will have that new route in its routing table already.

Post a "show version" of your 4506.
 