Subnet Merge - Same Router/Switch

aaronsummitinc

Prominent
Oct 2, 2017
10
0
510
Okay, I am not GREAT with network hardware/software but I am OKAY at it. I know the basics of connecting stuff. My skills are more towards computers and home networking. Now, I JUST had AT&T set up Fiber at my place of business. I originally had the basic 20/20 fiber and they only offered me 5 IP Addresses to start off with. I then had them provide another 30 IP Addresses (I may have not done the right thing) so that I can get the rest of them onto a network. Now, AT&T provided their own Cisco 1921 Managed Router and I just connected it to the existing switch that we had all of our computers connected to. Now... I believe that the other 30 IP Addresses are on a separate Subnet. From what they told me, that router they provided allows for separate Subnets and IP Addresses to be provided through the single router and thus I had them set up DNS/DHCP so that it can automatically assign IP Addresses.

My question is:

Will it automatically assign each computer on my network with those IP Addresses from both ranges along with their Subnets? AND how do I allow them to connect to the computers from the other Subnet, etc.? I have a NAS and a QuickBooks File System on the network too. Would it be as simple as setting up Hamachi and having them connect to a virtual network pretty much?
 

aaronsummitinc

Prominent
Oct 2, 2017
Actually, not quite sure. How would I go about setting up an internal network with them connecting through my ISP? I can't seem to figure it out. I am used to home networks where I set up one network using a modem/router and having all connect either to my router or switch and having all connected.
 

USAFRet

Titan
Moderator


It works pretty much the same for a small business.

ISP->modem/router-> All Your Stuff.
The router serves up many, many internal IP addresses. Generally, 192.168.1.xxx
 

aaronsummitinc

Prominent
Oct 2, 2017
They provided me with the Fiber Hardware and also provided me with a managed router. When I plugged in the router to the existing switch, 5 devices connected to the internet. The other devices were thrown into a different subnet and address range and will NOT switch to the same Subnet and IP Range. How would I go about fixing this? Again, I know about basic home networks and have NEVER had this issue.

Again, DHCP is currently enabled on the managed router they provided (again, Cisco 1921) so I assumed that it would do just like a normal home network setup would do but I was wrong.

I am assuming now that you understand what I am explaining which is why I asked for more IP Addresses. However, now reading back through my information I probably don't need those public IP Addresses unless I am running Servers. Whoops on my part! Brain-dead moment.

However, I still need help in trying to figure out the issue as far as why 5 devices are connecting and the others are on a different subnet and ip range.
 

aaronsummitinc

Prominent
Oct 2, 2017
I have made a flowchart (although basic and not great) to show you all of the hardware I have. All of the machines I have are Windows 10 Laptops. There is 1 NAS that I have connected internally to all laptops and also can connect cellphones to back up as needed internally and externally. I have a laptop that I use as a File System for QuickBooks. I have network attached printers too.

Here is a link for the flowchart:

 

aaronsummitinc

Prominent
Oct 2, 2017
Now, two laptops (one usable laptop and the one with the QuickBooks DB), the NAS and the Camera System on the back office switch are showing on one Subnet and the public IP address and are able to connect to the internet. One laptop from the front office switch is also able to see the same subnet and IP range given from ATT and is able to connect as well to the internet.

Now, One laptop from the back switch, the time clock located on the front switch with the OTHER laptop and the printers currently on the switches cannot see the other computers and are also on a different subnet and cannot connect to the internet and I can't seem to get them connected.

See how I am confused?

Mind you, the two switches I have connected are NOT smart switches and are not managed switches.
 
Do you know how to configure Cisco commercial routers? They likely assigned you a /27 block. It should be as simple as defining this subnet on the other interface and setting up DHCP. There are other ways to implement this using NAT and/or further subnetting the block.

I would strongly recommend you do not actually assign these IP addresses directly to your end equipment. You do not have a firewall in the path and the 1921 likely does not have the firewall feature on it...it might but it increases the cost of the router a lot.

NAT has the huge advantage of acting as a firewall just because it is so stupid. When someone sends attack traffic in from the internet it does not know what machine to send it to so it just discards it. That is the first rule you would put in a firewall so NAT does a huge chunk of the firewall function just because it does not know any better.

Your machine WILL be attacked. Things like NAS or printers tend to have simplistic security and do not get firmware updates. They are not designed to be directly on the internet.
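
The "NAT discards what it cannot place" behaviour described in the post above, as an added example that is not part of the original thread: a toy port-translating NAT in Python. The class, its method names and all addresses are constructed for illustration; real routers differ in how strictly they match inbound packets, and the last step shows that a static port forward removes the protection for that port.

```python
from dataclasses import dataclass, field

@dataclass
class Napt:
    """Toy port-translating NAT: one public IP shared by many inside hosts."""
    public_ip: str
    next_port: int = 40000
    sessions: dict = field(default_factory=dict)  # (proto, pub_port, remote_ip, remote_port) -> inside
    forwards: dict = field(default_factory=dict)  # (proto, pub_port) -> inside, set by an admin

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """An inside host opens a connection; the NAT records who asked."""
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return pub_port

    def forward(self, proto, pub_port, inside_ip, inside_port):
        """Static port forward: a deliberate hole in the default-drop behaviour."""
        self.forwards[(proto, pub_port)] = (inside_ip, inside_port)

    def inbound(self, proto, remote_ip, remote_port, pub_port):
        """Return the inside (ip, port) to deliver to, or None when the packet is dropped."""
        if (proto, pub_port) in self.forwards:
            return self.forwards[(proto, pub_port)]
        return self.sessions.get((proto, pub_port, remote_ip, remote_port))

def demo():
    nat = Napt("203.0.113.10")  # constructed public address (documentation range)
    port = nat.outbound("tcp", "192.168.1.20", 51000, "198.51.100.7", 443)
    reply = nat.inbound("tcp", "198.51.100.7", 443, port)   # answer to the laptop's request
    scan = nat.inbound("tcp", "192.0.2.99", 44444, 445)     # unsolicited: no state, no target
    stray = nat.inbound("tcp", "192.0.2.99", 44444, port)   # right port, wrong remote host
    nat.forward("tcp", 5000, "192.168.1.50", 5000)          # admin forwards a port to the NAS
    opened = nat.inbound("tcp", "192.0.2.99", 44444, 5000)  # that port is now reachable
    return reply, scan, stray, opened

if __name__ == "__main__":
    for label, result in zip(("reply", "scan", "stray", "opened"), demo()):
        print(f"{label:7} -> {result or 'dropped'}")
```
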
 

aaronsummitinc

Prominent
Oct 2, 2017
And that is what I am now thinking after I bounced an idea off of my buddy. However, I have no way of actually configuring the Router because I don't have a Com Port converter for USB. I have unfortunately also never configured one. The only other thing I can think of is to use one of my existing wired/wireless routers, plug it into the main port and connect the switch to it and then attach one of the Public IP Addresses to the router and then have the router assign internal addresses to it using the router's DHCP Function. Would I be correct in assuming that I can do this?

Unfortunately business networks are a new thing for me. I again am used to plug and play on a home network... lol

I guess trial and error FTW! Also, I am unfortunately still learning several things daily about network equipment. It is sad to say but I am their IT Guy and thought the same way as USAFRet did and thought it wasn't going to be much of a different area. Boy was I wrong!
 
You could put another router in the path but it would be best to just configure the Cisco.

You should be able to telnet or SSH into the router, it may actually have the web interface active but nobody who does Cisco routers really uses that since it many times just opens a cmd screen anyway for advanced configuration.

The good news is there is a massive amount of sample configurations for Cisco routers but the devices tend to be confusing to configure because they have so many options. It takes a while to learn which you can ignore because they don't apply to you. Things like NAT in these routers have some very advanced options so it can be very confusing to learn.
 

aaronsummitinc

Prominent
Oct 2, 2017
I have tried to connect to the Cisco Router using Telnet and SSH with just being connected to the Ethernet Port but the connection is always refused and that IS using the information that AT&T gave me. The tech I was talking to when they turned up my service told me that I cannot access the router since it is managed by them and not by me. This is why I just need for now to figure out a temporary solution and then to have someone go through with me and set up an NAT on the Cisco router itself later on.

I know connecting another Router isn't the best idea but in principle it will have to work for now.

In all reality, I need someone to help me out with the switch and I have no one who is experienced enough around me and I can't afford to have a Tech come out at the moment currently to configure it for me.
 
A /27 is actually 32 addresses, 2 of which are not usable in certain configurations. The other 5 from what you say come out of a different block.

If the router is managed then ask them to configure it the way you need.

Just guessing they may assign one group of IP to one interface and a second group to the other. It should work fine since the Cisco is an actual router. You may not see stuff in network discovery because it is limited to a subnet but if you were to key in the IP address it will still connect.

The large concern I would have is exposing machines to the internet. Temporarily you may want to have them bridge both physical interfaces on the router....or better you plug your 2 switches together. Then ask them to take 1 of your many addresses and run NAT. All your machines will share the single IP. As you figure out a use for the other IP blocks you can ask them to change the configuration.

Pretty much you only need multiple real addresses when you have taken the step to have a service you are offering to the internet. You almost have to have a firewall to safely do this. It is becoming more and more rare to even do it this way. Most times it is cheaper to run from hosting centers where you get firewall and fixed IP addresses as part of the server rental packages.
 
Solution
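
An added example, not part of the original thread, that works through the /27 arithmetic from the answer above and audits a device list for the exposure it warns about, flagging anything that holds a non-RFC 1918 address. The inventory, device names and the /29 size assumed for the five-address block are constructed, and all addresses come from documentation ranges.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Device kinds the thread warns about: simple security, rare firmware updates.
FRAGILE = {"nas", "printer", "camera"}

def block_size(cidr):
    """Return (total addresses, addresses left after network and broadcast)."""
    net = ipaddress.ip_network(cidr)
    return net.num_addresses, len(list(net.hosts()))

def audit(inventory):
    """Group devices by subnet and list those holding a non-RFC 1918 address."""
    by_subnet, exposed = {}, []
    for name, kind, cidr in inventory:
        iface = ipaddress.ip_interface(cidr)
        by_subnet.setdefault(str(iface.network), []).append(name)
        if not any(iface.ip in net for net in RFC1918):
            exposed.append((name, kind in FRAGILE))  # True = high-priority finding
    return by_subnet, exposed

# Constructed inventory: public blocks handed straight to devices.
DIRECT = [
    ("laptop-1", "laptop", "203.0.113.2/29"),
    ("nas", "nas", "203.0.113.3/29"),
    ("cameras", "camera", "203.0.113.4/29"),
    ("laptop-2", "laptop", "203.0.113.35/27"),
    ("printer", "printer", "203.0.113.36/27"),
]
# The same devices behind NAT on one private subnet.
NATTED = [(name, kind, f"192.168.1.{10 + i}/24") for i, (name, kind, _) in enumerate(DIRECT)]

if __name__ == "__main__":
    print("/27 ->", block_size("203.0.113.32/27"))
    for label, inv in (("direct", DIRECT), ("natted", NATTED)):
        subnets, exposed = audit(inv)
        print(label, subnets, exposed)
```

In the direct layout the devices fall into two subnets, which is why network discovery does not span them, and every device is flagged; in the NAT layout they share one subnet and nothing is flagged.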