Need to add a new subnet - should be an easy one for someone!

Status
Not open for further replies.

Denda

MIS
Oct 30, 2001
237
US
We run DHCP & are currently running out of ip addresses to lease out. We would like to add another subnet to our LAN/WAN. I need to know how to do this on our CISCO routers & switches. I've heard it can get pretty hairy & I want to make this as smooth of a change as possible.

We would like to add the following subnet 255.255.252.0 & then divide up the subnets like so
static - 10.53.1.0/22
DHCP - 10.53.2.0/22
Future - 10.53.3.0/22
10.53.10.0/24 - Remote Site DHCP

Below is one of our running configs.

version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router01
!
enable secret 5 $1$79Wi$JHwsUAyctldXVEMf.vDTd/
!
!
!
!
!
clock timezone EST -5
clock summer-time EDT recurring
!
spanning-tree vlan 1 priority 100
ip subnet-zero
ip domain-name company.com
ip name-server 10.53.1.XXX
ip name-server 10.53.1.XXX
cluster enable ETHER 0
cluster member 1 mac-address 0001.9656.8d00
cluster member 2 mac-address 0001.9665.bf80
cluster member 3 mac-address 0001.96a2.fe40
cluster member 4 mac-address 0001.96b1.0cc0
cluster member 5 mac-address 0001.9653.dcc0
cluster member 6 mac-address 0001.9653.e140
cluster member 7 mac-address 0001.9643.1900
cluster member 8 mac-address 0001.9653.d500
cluster member 9 mac-address 0001.9653.f780
cluster member 10 mac-address 0001.96a3.3780
cluster member 11 mac-address 0001.9665.e380
cluster member 12 mac-address 0006.2819.ec00
!
cluster order 0,4,6,10,9,2,1,3,5,8,7,11,12
!
!
interface GigabitEthernet0/1
duplex full
!
interface GigabitEthernet0/2
duplex full
!
interface GigabitEthernet0/3
duplex full
!
interface GigabitEthernet0/4
duplex full
!
interface GigabitEthernet0/5
duplex full
!
interface GigabitEthernet0/6
duplex full
!
interface GigabitEthernet0/7
duplex full
!
interface GigabitEthernet0/8
duplex full
!
interface VLAN1
ip address 10.53.1.XXX 255.255.255.0
no ip directed-broadcast
ip nat outside
!
ip default-gateway 10.53.1.XXX
ip nat inside source list 199 interface VLAN1 overload
logging 10.53.1.XXX
access-list 199 dynamic Cluster-NAT permit ip any any
snmp-server engineID local 000000090200000196347640
snmp-server community cosnmp RO
snmp-server community cosnmp@es0 RO
snmp-server location Server room
snmp-server contact
snmp-server chassis-id 0x13
snmp-server host 10.53.1.XXX trap twbsnmp tty vlan-membership config c2900 vtp snmp

Any suggestions will be greatly appreciated. Thanks
 
I posted a switch config, instead of my router config. Here's my router config..

version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router01
!
enable secret 5 $1$Arg1$h5x/MApKDxtj7UkuVk/vf.
!
!
!
!
!
memory-size iomem 15
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip finger
ip domain-name company.com
ip name-server 10.53.1.XXX
ip name-server 10.53.1.XXX
!
ipx routing 0030.9499.6e81
isdn voice-call-failure 0
!
!
controller T1 1/0
!
controller T1 1/1
!
!
!
!
interface Loopback0
ip address 10.250.53.1 255.255.255.255
!
interface Ethernet0/0
no ip address
no mop enabled
!
interface Serial0/0
ip address 10.53.53.1 255.255.255.0
encapsulation ppp
no ip mroute-cache
no fair-queue
service-module t1 clock source internal
service-module t1 timeslots 1-24
!
interface TokenRing0/0
no ip address
shutdown
ring-speed 16
!
interface FastEthernet1/0
ip address 10.53.1.1 255.255.255.0
speed 100
full-duplex
ipx network 5301A encapsulation ARPA
ipx network 5302 encapsulation SAP secondary
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.53.1.2
ip route 10.53.10.0 255.255.255.0 10.53.53.2
ip route 170.103.144.0 255.255.255.0 10.53.1.2
ip route 172.16.53.0 255.255.255.0 10.53.1.2
no ip http server
!
logging 10.53.1.XXX
snmp-server engineID local 000000090200003094996E81
snmp-server community 2bprivate RW
snmp-server community enemy#1 RO
snmp-server community cosnmp RO
snmp-server contact
snmp-server chassis-id router01
snmp-server host 10.53.1.45 SNMPv1
 
I do not have any config help..... BUT
You should remove ALL passwords from any config posted.
Also, some people block out one octet of any live IP addresses.

good luck
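
One way to apply this advice before pasting a config into a public thread, as an added example that is not part of the original posts. The sample config, its hash and its community strings are constructed, and the `<removed>` marker and function names are this example's own choices.

```python
import re

# Constructed sample in the style of the configs in this thread; the hash
# and community values are made up.
SAMPLE = """\
hostname router01
enable secret 5 $1$abcd$CONSTRUCTEDHASHVALUE000000
interface FastEthernet1/0
 ip address 10.53.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.53.1.2
snmp-server community examplerw RW
snmp-server host 10.53.1.45 exampletrap
"""

# (pattern, replacement) pairs for lines that carry credentials.
RULES = [
    # "enable secret 5 <hash>", "enable password <pw>", "password 7 <pw>"
    (re.compile(r"^(\s*(?:enable )?(?:secret|password))( \d+)? \S+.*$"),
     r"\1\2 <removed>"),
    # SNMP community strings are cleartext credentials (RW allows changes)
    (re.compile(r"^(\s*snmp-server community) \S+(.*)$"), r"\1 <removed>\2"),
    # everything after the trap host may include a community string
    (re.compile(r"^(\s*snmp-server host \S+) .*$"), r"\1 <removed>"),
]
IPV4 = re.compile(r"\b(\d{1,3}\.\d{1,3}\.\d{1,3})\.(\d{1,3})\b")

def mask_ip(match):
    """Blank the last octet, but leave masks and 0.0.0.0 readable."""
    if match.group(1).split(".")[0] in ("0", "255"):
        return match.group(0)
    return match.group(1) + ".x"

def sanitize(config):
    """Return the config with secrets removed and host octets masked."""
    cleaned = []
    for line in config.splitlines():
        for pattern, replacement in RULES:
            line = pattern.sub(replacement, line)
        cleaned.append(IPV4.sub(mask_ip, line))
    return "\n".join(cleaned)

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```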

 
You could create multiple VLANs on your switches to support the different subnets you intend creating. But it looks like you have only a single Fast Ethernet interface on your router, which may slow things down a bit.
One option is to create multiple subinterfaces on your router Fast Ethernet port and route between them. The other option (a better one) is to use a Layer 3 switch. This could be a 3550 or a 3750. If you have any of these you are in business.
To create VLANs from a privileged exec mode prompt (#) type in
vlan database
vlan 1 name Static
vlan 2 name DHCP
vlan 3 name Future
exit
The names and numbers of the subnets can be changed to your liking. Note that the above config will not change your existing static subnet.

If you do have an L3 switch then you can configure the individual VLANs on the switch as follows.
At the interface configuration prompt
int vlan 2
description DHCP Subnet.
ip address 10.53.2.1 255.255.255.0
ip helper-address 10.53.x.x
ip helper-address 10.53.y.y

int vlan 3
description Future Subnet.
ip address 10.53.3.1 255.255.255.0
ip helper-address 10.53.1.x
ip helper-address 10.53.1.y

The ip-helper addresses are for your DHCP servers if they reside in the static subnet.

The same concept can be used to create subinterfaces on your router if that is the way you should be going.
 
Sorry, forgot to add that you would have to do the vlan database part on every switch on your network. Then you need to assign specific devices to specific VLANs. Do this using the command
int fa0/x (or gi0/x)
switchport access vlan x (Replace the x as necessary. Remember by default all ports are on VLAN 1)

You will also need to set the ports that interlink the switches to trunk all VLANS. The command is
int fa0/x (or gi0/x)
switchport trunk encapsulation dot1q
switchport mode trunk

When I first did this I had a lot of reading to do to get it right.
 
woodraith -
Thanks for the advice. The internal IPs aren't scaring me to have here, no biggie. A digit is taken out of the pwds.

cdcents -
YIKES! I REALLY need to do some reading, don't I? Ugh! The advice for the VLAN is great. I'll read some more, but that's more than likely what I am going to do. Thanks a ton.
 
cdcents -
Got a question for you.. Can I just add the following 10.53.2.XX & 10.53.3.XX to my existing 10.53.XX.XX lan & keep the class c subnet 255.255.255.0? What downfalls do you see happening with this setup? Thanks a ton
 
What you could do if you don't want to take the VLAN route, you could assign another ip to your interface on your router.
Example:

int fa0/0
ip add 172.16.4.1 255.255.255.192 (this is /26)
no shut
ip add 172.16.4.65 255.255.255.192 secondary

This will allow you to separate the networks, at least out beyond the router. The only way to separate at the switch would be VLAN, or possibly ACLs if your switch can handle them.
The downside to this will be your DHCP would pretty much be scrapped. You can have a separate box, or even some switches can do this, act as the DHCP server, or go static and match the IPs with the MAC address, whichever you prefer.
 
Thanks namekian. That definitely makes sense. I was just enlightened why I can't do what I want, because I really do not want the networks to be separate & to do what I suggested above would require physically separated networks. My bad, I'm getting confused the more I read... :eek:) Thanks again.
 
How's this then for ya: you have two options.
1. Do what I mentioned above and put the secondary IP network as your static. Create more secondary IPs, you can create as many as you like, and slap multiple DHCP servers up on your router. The upside to this would be that you will not run out of leases, for when one scope is full it will start handing out from another pool. Downside, you really don't have control over who gets what from what pool.

2. Create VLANs on your switch and trunk them on your router. This way you can create subinterfaces and set up DHCP for whatever subinterface you want. Upside, you have control over who gets what. Downside, you will have to have the router grant access between the networks, and it could in a large network create bandwidth issues.
 
OK - What am I missing here? I've added the new VLANS on the switch as follows:
VLAN2 10.53.2.X 255.255.252.0
VLAN3 10.53.3.X 255.255.252.0

These are in addition to the current network of
10.53.1.X 255.255.255.0 (Default VLAN1)

I've also done the following on the switch port:
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan all

I've tested traffic internally between this one switch & a server that I have changed the subnet from 255.255.255.0 to 255.255.252.0 & a pc within the same subnet (255.255.252.0), also a pc within the current subnet (255.255.255.0) & everything is communicating properly.

I now want to update our 3640 router with this information, so we can test this from our Remote site, & the router is not taking what I'm trying to shove down its throat. I'm sure I'm missing something, but I don't know what... Here's what I'm trying to do, maybe I'm doing it all wrong.

ROUTER01#config t
Enter configuration commands, one per line. End with CNTL/Z.
ROUTER01(config)#int fa1/0.1
ROUTER01(config-subif)#ip address 10.53.2.X 255.255.252.0
10.53.0.0 overlaps with FastEthernet1/0
ROUTER01(config-subif)#^Z
ROUTER01#show vlan

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet1/0.1

Protocols Configured: Address: Received: Transmitted:

Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet1/0.2

Protocols Configured: Address: Received: Transmitted:


I keep getting the '10.53.0.0 overlaps with FastEthernet1/0' message & then the ip address doesn't stick. The 10.53.0.0 is our existing network on subnet 255.255.255.0. The VLANS are showing up, but with no ip addresses/subnet allocation. Maybe I'm setting up the communication wrong on the router side.

Any advice would be greatly appreciated. Thank you so much.
 
You have to add the encapsulation to the subinterface:
encap dot1Q <number>
<then you put the IP address and mask>
 
Thanks for the quick reply, but it still didn't work.

ROUTER01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ROUTER01(config)#int fa1/0.1
ROUTER01(config-subif)#encapsulation dot1q 1
ROUTER01(config-subif)#ip address 10.53.2.X 255.255.252.0
10.53.0.0 overlaps with FastEthernet1/0
ROUTER01(config-subif)#

UGH!
 
Ah, I see the problem: you are running into a subnet issue.
10.53.2.X is in the same network as 10.53.0.X
Try using this IP in your subinterface: 10.53.4.X
 
OK - help me out here, where do you see that 10.53.2.X is in the current network at 10.53.0.X? I was able to add it at the switch level & didn't have any issues & it's working internally.

I thought I had it down, but obviously this type of work is not for the 'IP Addressing Timid'. :eek:)
 
Alright, I will try to explain it, bear with me though.
You have a class A address 10.0.0.0, the default subnet for it is /8, meaning 8 bits out of the 32 are reserved.
x=you can't change
h=host
xxxxxxxx.hhhhhhhh.hhhhhhhh.hhhhhhhh = /8 subnet. You can change the host pretty much however you want, but you cannot change the subnet, the xs.

You have a /22 subnet with the 10.53.0.0.
x=you can't change
h=host
s=subnetted subnet
xxxxxxxx.|ssssssss.ssssss|hh.hhhhhhhh
Again, you can't change the xs and you can change the hs however you want. However, here you can change the s, and that is what gets you your new network.
Example:
10.0.0.0/22
10.0.4.0/22
10.0.8.0/22
etc. (adding 4 to the third octet)
Each subnet you create is in a different network.

With this:
10.0.0.0/22
10.0.1.0/22
10.0.2.0/22
10.0.3.0/22
are all in the same network because the last 2 bits in the third octet are host bits, the address you would assign to a computer or whatever.

When creating subinterfaces, you have to put each IP address you assign into a different network because it creates conflicts with whatever port you have already in that network, and basically there is no real point in having two interfaces on the same network anyhow.

With the switch you can assign interfaces and such on the same network because all that does is separate the IPs in that network for VLANs and such.
Example: if you want 10.153.2.0 to be separate from 10.153.1.0, but again there really isn't a need to do this when you have a router that can support subinterfaces and VLANs.
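
The overlap the router reported, reproduced as an added example that is not part of the original posts. It uses the interface addresses from the router config posted earlier in the thread; the host octets `.1` in the candidate addresses are constructed (the thread shows `10.53.2.X` and `10.53.4.X`), and the function names are this example's own.

```python
import ipaddress

# Addresses taken from the router config posted in this thread.
ROUTER_INTERFACES = {
    "Loopback0": "10.250.53.1/255.255.255.255",
    "Serial0/0": "10.53.53.1/255.255.255.0",
    "FastEthernet1/0": "10.53.1.1/255.255.255.0",
}

def network_of(addr_and_mask):
    """Network an 'address/mask' pair belongs to (host bits cleared)."""
    return ipaddress.ip_interface(addr_and_mask).network

def overlapping_interfaces(interfaces, candidate):
    """Names of interfaces whose subnet overlaps the candidate's subnet."""
    new = network_of(candidate)
    return [name for name, addr in interfaces.items()
            if network_of(addr).overlaps(new)]

def first_free_block(interfaces, supernet, prefixlen):
    """First block of the given size in supernet that no interface uses."""
    used = [network_of(addr) for addr in interfaces.values()]
    for block in ipaddress.ip_network(supernet).subnets(new_prefix=prefixlen):
        if not any(block.overlaps(u) for u in used):
            return block
    return None

if __name__ == "__main__":
    # Host octets below are constructed stand-ins for the "X" in the thread.
    for cand in ("10.53.2.1/255.255.252.0", "10.53.4.1/255.255.252.0"):
        print(cand, "->", network_of(cand),
              "overlaps:", overlapping_interfaces(ROUTER_INTERFACES, cand))
    print("first free /22 in 10.53.0.0/16:",
          first_free_block(ROUTER_INTERFACES, "10.53.0.0/16", 22))
```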
 
I understand what you're saying here. I'm gonna print that out, it's a nice quick reference. BUT, back to the point at hand, I want them all in the same network. I just need more IP addresses (original post), which is the reason for the subnet change of 255.255.255.0 to 255.255.252.0. Maybe I've taken a left turn, when I wanted to take a right. :eek:) I'm not looking to 'separate' the original network 10.53.1.X for security or anything else, just need more IPs.

I wanted to be able to not affect the current network 10.53.1.X & 10.53.10.X while bringing systems one by one over to the new subnet.

I've accomplished internally the separate subnets talking to each other which now gives us more IP addresses, BUT I need my remote site (10.53.10.X) to be able to talk to these new subnets also, which needs to be routed through the 3640.

I'm sorry if I'm becoming a 'pain in the a**' with my novice questions, but it seems like it shouldn't be this hard. Yes, I know... Welcome to Subnetting... :eek:)
 
It's not really a subnetting issue, it's a real-world issue, at least until IPv6.
If all you are wanting is more IPs, just set up another DHCP pool, one for 10.153.0.0 and one for 10.155.4.0. When one runs out of IPs, the other should start giving. They will be two different networks, but they will work as if one.
Remember though to put a secondary IP on the port on the router though for the second gateway.
 
oh, my goodness! Is it really that easy? We don't have to change our subnet at all, just add another DHCP pool? Interesting... I wonder why my Windows guy didn't know this or 'decided against it'. Let me talk to him & see what he says. Thanks a TON! Namekian....
 
Do we keep the subnet the same 255.255.255.0?
 