Overlapping subnets
Let’s learn how to have two separate subnets with the same addressing space. Also we will enable ip communication between them.
The trick is to use network NAT in both routers. Let me explain.
Topology
We will use the following one. As we see, both subnets, SW1 and SW2, have the same ip addressing.
Problem
How can hosts in subnet SW1 communicate with hosts on subnet SW2? As far as we know, hosts using Ethernet as Layer 2 technology, will not be able to communicate in this manner. Host in SW1 will not use its gateway to reach host in SW2. It will do ARP to the broadcast address of subnet SW1 because the IP address of host in SW2 lies in its same subnet.
Solution
In order to get communication between them we need to mask both networks. In this way, hosts on subnet SW1 will appear to be in another network to hosts in subnet SW2, and vice versa. We’ll do this using a very simple nat command on each router.
- Hosts in SW1 will appear to be in 172.16.10.0/24 subnet to hosts in SW2.
- Hosts in SW2 will appear to be in 172.16.20.0/24 subnet to hosts in SW1.
Let’s see the steps:
- Enable nat translation on R1 and R2.
- Translate network 192.168.10.0/24 on R1 and R2 to 172.16.10.0/24 and 172.16.20.0/24 respectively.
- Add static routes to R1, R2 and BB1.
Configurations
R1
Current configuration : 1118 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
memory-size iomem 0
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 172.16.10.0 255.255.255.0 Null0
ip route 172.16.20.0 255.255.255.0 10.0.1.10
no ip http server
no ip http secure-server
!
!
ip nat inside source static network 192.168.10.0 172.16.10.0 /24
!
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
R2
Current configuration : 1118 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
memory-size iomem 0
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.10.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.2.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 172.16.10.0 255.255.255.0 10.0.2.10
ip route 172.16.20.0 255.255.255.0 Null0
no ip http server
no ip http secure-server
!
!
ip nat inside source static network 192.168.10.0 172.16.20.0 /24
!
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
BB1
Current configuration : 977 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BB1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
memory-size iomem 0
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.1.10 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.2.10 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
ip route 172.16.10.0 255.255.255.0 10.0.1.1
ip route 172.16.20.0 255.255.255.0 10.0.2.2
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
Verification
R1 testing
R1(config)# do ping 172.16.20.2 so f0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/109/128 ms
R1(config)# do sh ip nat tra
Pro Inside global Inside local Outside local Outside global
icmp 172.16.10.1:4 192.168.10.1:4 172.16.20.2:4 172.16.20.2:4
--- 172.16.10.1 192.168.10.1 --- ---
--- 172.16.10.0 192.168.10.0 --- ---
R1(config)#
R2 testing
R2(config)# do ping 172.16.10.1 so f0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/121/136 ms
R2(config)# do sh ip nat tra
Pro Inside global Inside local Outside local Outside global
icmp 172.16.20.2:2 192.168.10.2:2 172.16.10.1:2 172.16.10.1:2
icmp 172.16.20.2:4 192.168.10.2:4 172.16.10.1:4 172.16.10.1:4
--- 172.16.20.2 192.168.10.2 --- ---
--- 172.16.20.0 192.168.10.0 --- ---
R2(config)#