How can I run 2 subnets within 1 network? [7:7967]
Hello group,

I'm trying to get ideas for a network design. Essentially, there would be two networks, let's say 172.0.0.0 network and the 192.0.0.0 network. What I'm looking to accomplish is to have about 8 routers interconnected together, and both networks would run through them. However, each network is not allowed to learn about the other. That is, if I'm in the 172 network, I cannot ping hosts in the 192 network.

Each router would have a switch, that would separate the two networks into two vlans, so hosts in one vlan cannot reach the other. It gets complicated when the traffic needs to be routed to another router.

I hope I made sense, if I didn't, then please feel free to email me.

Regards,
Albert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=7967t=7967
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How can I run 2 subnets within 1 network? [7:7967]
I guess you should try integrated routing and bridging (IRB), running two bvi interfaces for each network. Go to CCO and do a search on Configuring IRB. I think this might work, but you would have to go to your lab and try it out.

I don't think that it will be possible for you to have two vlans then on your switch, because, in that case, when you are running IRB, you cannot have ISL nor 802.1q.

Dragi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=7978t=7967

Re: How can I run 2 subnets within 1 network? [7:7967]
Use OSPF as the routing protocol, and use authentication using one password for the one network and a different one for the other network. Then you would have a great IGP, and you can control who it talks to.

Brian

From: Albert Lu
Reply-To: Albert Lu
To: [EMAIL PROTECTED]
Subject: How can I run 2 subnets within 1 network? [7:7967]
Date: Mon, 11 Jun 2001 09:39:39 -0400

Hello group,

I'm trying to get ideas for a network design. Essentially, there would be two networks, let's say 172.0.0.0 network and the 192.0.0.0 network. What I'm looking to accomplish is to have about 8 routers interconnected together, and both networks would run through them. However, each network is not allowed to learn about the other. That is, if I'm in the 172 network, I cannot ping hosts in the 192 network.

Each router would have a switch, that would separate the two networks into two vlans, so hosts in one vlan cannot reach the other. It gets complicated when the traffic needs to be routed to another router.

I hope I made sense, if I didn't, then please feel free to email me.

Regards,
Albert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=7980t=7967

Re: How can I run 2 subnets within 1 network? [7:7967]
I think you are asking if you can have two different subnets in one interface? The answer is yes, one primary ip address for one subnet and a secondary ip address for the second subnet. I believe you can then use extended ACL to prevent the other network from talking to another network.

Another thing you can do is to subinterface the router's fastethernet interface and trunk to the switch and again use extended ACL to prevent the intervlan communication.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=7985t=7967

RE: How can I run 2 subnets within 1 network? [7:7967]
What do you mean with primary and secondary ip address for the interface? Aren't you only limited to 1?

Could I subinterface the WAN link to the other router for each subnet? The net effect would be the whole network running with 2 subnets, separate from each other.

Albert

-----Original Message-----
From: Bob S [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 12 June 2001 12:59
To: Albert lu; [EMAIL PROTECTED]
Subject: Re: How can I run 2 subnets within 1 network? [7:7967]

I think you are asking if you can have two different subnets in one interface? The answer is yes, one primary ip address for one subnet and a secondary ip address for the second subnet. I believe you can then use extended ACL to prevent the other network from talking to another network.

Another thing you can do is to subinterface the router's fastethernet interface and trunk to the switch and again use extended ACL to prevent the intervlan communication.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=7993t=7967

RE: How can I run 2 subnets within 1 network? [7:7967]
Dude, you can have as many secondary ip addresses as you want in an interface.

From: Albert Lu
To: Bob S
CC: GroupStudy
Subject: RE: How can I run 2 subnets within 1 network? [7:7967]
Date: Tue, 12 Jun 2001 01:21:31 +1000

What do you mean with primary and secondary ip address for the interface? Aren't you only limited to 1?

Could I subinterface the WAN link to the other router for each subnet? The net effect would be the whole network running with 2 subnets, separate from each other.

Albert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=7994t=7967

Re: How can I run 2 subnets within 1 network? [7:7967]
Two ospf processes might be cleaner. So long as the broadcast domains are isolated, running two processes would keep things nicely separated. Using separate authentication keys as suggested, one per ospf process, would also protect against a misconfiguration merging the two.

However, we should likely back up and look at the design goals and criteria of this network to see if the proposed physical configuration for which we are trying to wedge a logical config onto is the most appropriate.

*** REPLY SEPARATOR ***

On 6/11/2001 at 11:09 AM Brian Lodwick wrote:

Use OSPF as the routing protocol, and use authentication using one password for the one network and a different one for the other network. Then you would have a great IGP, and you can control who it talks to.

Brian

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=8002t=7967

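The suggestions made so far in this thread (a trunked subinterface per VLAN with extended ACLs, and one OSPF process per network with its own authentication key), put together for a single router. This is an added example, not configuration from any poster; the 172.16.0.0/16 and 192.168.0.0/16 ranges, VLAN IDs, interface names, ACL names and key strings are assumed placeholders.

```cisco
! LAN trunk to the switch: one 802.1Q subinterface per VLAN.
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 172.16.1.1 255.255.255.0
 ip access-group FROM-172 in
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.1.1 255.255.255.0
 ip access-group FROM-192 in
!
! Link to the next router: again one subinterface per network, each with
! its own OSPF MD5 key, so an adjacency cannot form across the two networks
! if a cable or VLAN assignment is wrong.
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 172.16.255.1 255.255.255.252
 ip access-group FROM-172 in
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 KEY-172-PLACEHOLDER
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.255.1 255.255.255.252
 ip access-group FROM-192 in
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 KEY-192-PLACEHOLDER
!
! One OSPF process per network.
router ospf 172
 network 172.16.0.0 0.0.255.255 area 0
router ospf 192
 network 192.168.0.0 0.0.255.255 area 0
!
! Both processes install routes into the same routing table, and the router
! also holds connected routes for both networks, so the ACLs below are what
! stops packets being forwarded from one network to the other.
! The permit line matches on source, so OSPF hellos from the neighbour on
! the transit subnet pass, while packets with a foreign source address hit
! the implicit deny.
ip access-list extended FROM-172
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 172.16.0.0 0.0.255.255 any
ip access-list extended FROM-192
 deny   ip any 172.16.0.0 0.0.255.255
 permit ip 192.168.0.0 0.0.255.255 any
```

Checking `show ip ospf neighbor` and `show access-lists` on each router confirms that adjacencies exist only within a network and shows whether the deny lines are counting hits.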
Re: How can I run 2 subnets within 1 network? [7:7967]
Albert,

I had a case where one of the VLANs on the internal network should only access the internet, not the internal portion of the network. The purpose was to allow guests at the company to hook in and access the internet without giving them access to the internal network or using a modem and give realistic training on the company's product (which uses a web gateway).

I put a reflexive ACL on the VLAN's subinterface on the router to ensure that only traffic to and from the internet was allowed. Basically, the list let outgoing traffic out to the internet and opened a hole through for return traffic. That's it. Nothing else.

HTH,
Karen

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=8051t=7967
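A reflexive ACL on a guest VLAN subinterface of the kind described in the message above, as an added example that is not the poster's actual configuration. The guest subnet 192.168.30.0/24, the internal range 172.16.0.0/16, VLAN 30, the interface name and the ACL names are assumed placeholders.

```cisco
! Traffic entering the router from the guest VLAN.
! First line: nothing from the guest VLAN may reach internal address space.
! Remaining lines: each permitted outbound flow creates a temporary
! mirror-image entry in the reflexive list GUEST-RETURN.
ip access-list extended GUEST-FROM
 deny   ip any 172.16.0.0 0.0.255.255
 permit tcp 192.168.30.0 0.0.0.255 any reflect GUEST-RETURN
 permit udp 192.168.30.0 0.0.0.255 any reflect GUEST-RETURN
 permit icmp 192.168.30.0 0.0.0.255 any reflect GUEST-RETURN
!
! Traffic leaving the router towards the guest VLAN.
! Only packets matching a temporary entry (replies to flows the guests
! opened) pass; the implicit deny drops everything else, including any
! connection attempt from the internal network towards a guest host.
ip access-list extended GUEST-TO
 evaluate GUEST-RETURN
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip access-group GUEST-FROM in
 ip access-group GUEST-TO out
!
! Idle temporary entries are removed after this many seconds.
ip reflexive-list timeout 120
```

`show access-lists GUEST-RETURN` lists the temporary entries while guest sessions are active, which is a quick way to confirm the return path is opened per flow and not by a standing permit.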