Subnetting for dummies

[bubarooni]

I have some, what I am sure are really basic, questions on the router setups I have inherited.

I have the following setup:

I am running frame relay through three sites. Each site has a 1750 router. Primary site has a NT DHCP server (running WINS also) and the other two sites are running Cisco DHCP off the router. I am using private addressing.

Interfaces for FastEthernet0
Site 1 - 192.168.1.1
Site 2 - 192.168.2.1
Site 3 - 192.168.3.1
Is this Class B addressing?

Interfaces for Serial0
Site 1 - 10.0.1.1
Site 2 - 10.0.1.2
Site 3 - 10.0.1.3
Is this Class C addressing?

Why use different addressing classes for the two interface types? Do these routers form a single network through the serial interfaces and does each router represent a single network through it fastethernet interface? Why do it this way?

The desired outcome is to be able to browse objects in the other subnets.

In a Cisco paper (Configuring IP) there is a section entitled 'Creating a Network from Seperated Subnets Example'. In this they discuss the use of secondary addresses to bring the subnets into a logical network. If I provide a Class C secondary address for each FastEthernet0 interface will this provide me with the desired outcome?

The satellite sites each have a static route like this:

ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.1.0 255.255.255.0 10.0.1.1
no ip http server

The primary site's router currently has static routes set as such:

ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 192.168.1.4 255.255.255.255 FastEthernet0
ip route 192.168.2.0 255.255.255.0 10.0.1.2
ip route 192.168.3.0 255.255.255.0 10.0.1.3
no ip http server


There is no routing protocol enabled. Is there any advantage or disadvantage to routing traffic to these subnets to the Serial0 interface?

Thanks in Advance

 

[wybnormal]

OK.. lets get one thing out of the way... you said "browse" the networks.. ie.. microsoft? If so, then you need more then subnetting.. if you plan to cross a router, you need to have either UDP 137 and 138 forwarded or use IP Helper to forward the packets. This also true if you plan to pass DHCP across the router or DNS ( UDP 53) across the router. Routers by their nature will not pass broadcast traffic.. in most cases ;-) there are always exceptions to any rule.

ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.1.0 255.255.255.0 10.0.1.1 ; not needed with the first default gateway route statememt.. it's redundent
no ip http server

The default route says "if I dont have a specific route, put it to this supernet" So really it's "anything I dont know about, send it out this port(next hop)".

The serial port and the ethernet port will know about each other by default as they are "connected" ports by the phyiscal hardware.


Interfaces for FastEthernet0
Site 1 - 192.168.1.1
Site 2 - 192.168.2.1
Site 3 - 192.168.3.1
Is this Class B addressing?; No.. class C

Interfaces for Serial0
Site 1 - 10.0.1.1
Site 2 - 10.0.1.2
Site 3 - 10.0.1.3
Is this Class C addressing?; No.. Class A

Are you asking why each interface has a different IP range?

MikeS


"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[bubarooni]

Yes, I do want to browse those other subnets and they are Microsoft. I plan on leaving the routers in charge of dhcp at the remote sites.

How do I forward the UDP. Is this UDP Flooding? I remember coming across that in the Cisco documentation I was reading earlier.

Rats on the classes. I didn't have either of them right. Thanks for letting me know.

I am not wondering about the different ip ranges really. I was wondering why the serial is, as it turns out to my chagrin, Class A and fastethernet is Class C. When I look at the serial's IP's they look as though they are part of the same network. The fastethernet's on the other hand appear to be subnets.

Will secondary addresses in the same subnet for each router provide me with any benefit at all? I think I'll go read that 'Routing IP' paper again.

Thanks again

 

[migueljr3]

Hey Bud,

Try learn2subnet.com it will brief you on
subnetting.

Hope that helps!

Mig

 

[bubarooni]

I'm on my way to that site now. Thanks for the tip.

 

[davidarndt]

While the 192.168 segments are in class C address space and the 10.0.0 segments are in class A, they are both being used with 24-bit subnet 255.255.255.0 subnet masks, so behave like class C addresses.

The reason those particular addresses are being used is that they're "private". That means that addresses with the first octet of decimal ten or the first two octets of 192.168 will never be assigned to hosts by any ISP (or by ICANN for that matter). They are also filtered by all backbone routers, and (in practice) all gateway routers. That means they won't be routed onto the Internet. There are good security reasons to use these inside as well as reasons relating to good husbanding of precious and dwindling supplies of available public IP addresses.

 

[abovebrd]

>>The desired outcome is to be able to browse objects in the other subnets.

It sounds like subnetting is not the problem at all.

Netbios is non routable protocal! Your routers will not route netbios broadcast. Because of this if you want the ability to browse thru your complete NT domain you need to run some sort of naming service. Windows provides a service called WINS. Set up a WINS server on each sunbet and yuor in buisness. DNS is also an option.

-Danny

 

[wybnormal]

Actually, NB is a routable protocol in the Cisco world, sortaof... They do some tricks to "re-wrap" the packet in order to route to the next subnet. This is the premise behind the IP HELPER-ADDRESS command. It will forward normally non-routable NB packets to either a single IP or a broadcast address.

Here is a sample of code:

C4500(config)#interface e0
C4500(config-if)#ip helper-address 192.168.192.6

This is a directed IP helper.. if the 192 address had ended in a 255 it would be broadcast to the 192.168.192.0 network as a broadcast packet.

These are the default ports forwarded by IP helper
Trivial File Transfer Protocol (TFTP) (port 69)


Domain Naming System (port 53)
Time service (port 37)
NetBIOS Name Server (port 137)
NetBIOS Datagram Server (port 138)
boot Protocol (BOOTP) client and server datagrams (ports 67 and 68)
TACACS service (port 49)
IEN-116 Name Service (port 42)

For authenication and browsing of BOTH sides, you need the IP helper on both ends.

You can do the roughly the same thing with bridge groups and DLSW. But it's messier then just using the IP helper.

MikeS
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[abovebrd]

yes in a technical sense you are correct.

However what effect would that have on the NT Domain.

Are you suggesting that this would be a work around for WINS. It sounds interesting.

Thanks for tip !



-Danny

 

[wybnormal]

It's a "work around" in the sense you dont need to roll out a bunch of NT servers with WINS services running or WINS proxies and so on. There are some caveats about this.. regarding master browser elections and so on. Cisco has a decent white paper about the details.

http://www.cisco.com/warp/public/473/winnt_dg.htm

This gives the gory details ;-)

MikeS
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[bubarooni]

If I use the IP Helper will that affect the way the machines on my subnets get their IP's? I am currently running DHCP at my primary site through WINNT and my routers are doling out the addresses at the satellite sites (Cisco DHCP).
I would like to keep this scheme and so long as the IP Helper won't affect this I'd like to give that a try.

 

[wybnormal]

It could.. you will need to set up the proper scopes and make sure the Windows DHCP is not assigning IPs in the same range that the routers are.

Or.. you can turn on IP helper and then block the UDP bootp protocol from being forwarded.

Like many things in networking.. more then one answer

MikeS
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[bubarooni]

Then one last question before I begin. It concerns domain names. Each router has it's own subnet but, it's domain name is not specified. Here at the 'main site' everyone has the same domain name specified on the 'Identification' tab under Network Neighborhod.

At the satellite locations the machines have a hodge podge of different domain/workgroup names including the domain name here at the 'main location'(they all use the Windows logon since there is no domain server to authenticate them).

If I give the router a domain name and these workstations workgroup name doesn't match will there be any problems crop up? What if a machine at a satellite location comes up with a workgroup name that is the same as my 'main location' (where my PDC is) but has a different subnet?

I suppose I should just go to each location and change the workgroup names to match but that will involve some serious travel time.

I suppose it boils down to this: Must different subnets have unique domain/workgroup names if the router is performing DHCP?

Thanks for your help and I will let you all know whether I succeed or wind up in the unemployment line.

 

[wybnormal]

No.. for example.. I have a small test network configured right now with 192.1.1.x and 192.168.50.x as two subnets.. ALL of the systems use the same domain name and NT DHCP server to get their IP addresses. Just set up the scopes you need for each range.. any global parmeters like default gateways etc. Make sure you can pass DHCP between the routers or the routers themselves provide the DHCP addresses to the PCs. Make sure you have ports 137/138 open between the routers for the NT authenication, WINS and so on.

MikeS
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[bubarooni]

Hey, the ip helper did the trick!

Pretty much anyway. I had one Win95 computer that thought it should be the master browser but I took care of that. The computers in the other subnets show up in Network Neighborhood noe, though I can't actually access the shares on the computers. I get a "\\ComputerName is not accessible The network path was not found" Still, that's real progress!! Thanks for the tips.

I have two follow up questions:

1. What would I need to do to access the shares on these computers. The only protocols I allowed to be forwarded were udp 137 and 138 for the ip helper. Should I have let one of the other udp ports pass through also?

2. I would like to be able to further refine this by having each remote location show up as its own domain icon which I could then double click and see the individual computers for that domain. There are a lot of computers in my Network Neighborhood now and this would give me a bit better organization.

Thanks again for all the help!

 

[bubarooni]

Just trying to keep it up towards the top of the list in hopes that someone can answer my two follow-up questions posted above.

 

[bubarooni]

Hey, the ip helper did the trick!

Pretty much anyway. I had one Win95 computer that thought it should be the master browser but I took care of that. The computers in the other subnets show up in Network Neighborhood noe, though I can't actually access the shares on the computers. I get a "\\ComputerName is not accessible The network path was not found" Still, that's real progress!! Thanks for the tips.

I have two follow up questions:

1. What would I need to do to access the shares on these computers. The only protocols I allowed to be forwarded were udp 137 and 138 for the ip helper. Should I have let one of the other udp ports pass through also?

2. I would like to be able to further refine this by having each remote location show up as its own domain icon which I could then double click and see the individual computers for that domain. There are a lot of computers in my Network Neighborhood now and this would give me a bit better organization.

Thanks again for all the help!