IPs overlaps on L3 cisco 3550 switch?

Question

I want to configure my L3 switch to connect multiple devices:

squid proxy (192.168.1.4)
web server (192.168.1.6)
client (192.168.1.11)

something like that:

enter image description here

the problem is when I configure one interface it worked will:

ip address 192.168.1.7 255.255.255.0

but when I try(on another interface):

ip address 192.168.1.8 255.255.255.0

this message returned:

192.168.1.0 overlaped with fastethernet0/1

this is confusing, because I have used /24 as a mask.

and even when I try:

ip address 192.168.2.8 255.255.255.0

I can't connect the webserver(192.168.1.6) to the squid (192.168.2.4)

So is there something I have missed?

Note: I have configured all the interfaces to be no switchport.

Do you want those 3 to stay on the same network? If yes, then you can configure an SVI. If not, then you can configure 3 SVI and configure the related switch's port to the approriate VLAN. Unless you want to set the switch's ports to routing mode. — Ron Vince, Jul 06 '14 at 09:52

score 4 · Accepted Answer · edited Apr 13 '17 at 12:57

So is there something I have missed?

Yes, you've got the following machines that you want in the same /24 subnet:

squid proxy (192.168.1.4)
web server (192.168.1.6)
client (192.168.1.11)

However, you're trying to put each one of them on their own routed interface; this is a very common mistake. The simplest solution to your problem is to create what Cisco calls a Switched Vlan Interface (SVI) for all of 192.168.1.0/24 on your 3550.

Let's assume you're going to use Vlan 10 for all these systems; it doesn't really matter what vlan number you use, although people tend to avoid vlan 1 for security reasons. I will make assumptions about which switchport you connected these systems to, however the port numbers should not matter; just be sure that you configure their actual port number in vlan 10. The configuration you want to use is:

ip routing
!
! many people set vtp to transparent to avoid future problems...
vtp mode transparent
!
vlan 10
 state active
!
interface FastEthernet0/1
 description [Squid Proxy]
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 description [Web Server]
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 description [Client]
 switchport access vlan 10
 switchport mode access
!
interface Vlan10
 ip address 192.168.1.254 255.255.255.0
 no ip proxy-arp
 no ip directed-broadcast
 no shut
!
! Add a default route on a different SVI if you want these systems
! to route through the 3550 to other networks

Now configure your squid proxy, web server, and client to use 192.168.1.254 as the default gateway.

Finally, consider using switchport nonnegotiate on Fa0/1, Fa0/2, and Fa0/3.

thanks, amazing answer,but what is the reason of the options `no ip proxy-arp` ,`no ip directed-broadcast` — Nidal, Jul 06 '14 at 11:43
[`ip proxy-arp`](http://networkengineering.stackexchange.com/questions/5279/why-are-routers-not-answering-arp-broadcasts/5280#5280) is enabled by default, but it tends to cause more problems than necessary and is occasionally considered a security risk. `ip directed-broadcast` is also enabled by default and can also be a security risk. I usually disable these in my infrastructure unless there is a good reason to keep them on. — Mike Pennington, Jul 06 '14 at 11:49

score 2 · Answer 2 · edited Apr 13 '17 at 12:57

2

Your two IP address statements ARE overlapping. 192.168.1.7 and 192.168.1.8 are in the same /24 subnet: 192.168.1.0/24.

A /24 are 256 addresses ranging from 192.168.1.0 to 192.168.1.255.

If you want to know more, there are questions about CIDR subnetting on this SE.

edited Apr 13 '17 at 12:57

Community

1

answered Jul 05 '14 at 11:06

Sebastian Wiesinger

8,107
3
34
60

@Sebestian, what about the 2nd question? – Nidal Jul 05 '14 at 11:08
@Networker not sure, post your config from the 2nd question and try pinging the SQID and Webserver from the L3 switch. – Sebastian Wiesinger Jul 05 '14 at 11:13

score 0 · Answer 3 · answered Jul 06 '14 at 08:36

Faster solution :

ip routing

vlan 10 
name xxxx

Interface vlan 10
Description xxxx
Ip adress 192.168.1.1 255.255.255.0 
no shut
Interface vlan 20
Description xxxx
Ip adress 192.168.2.1 255.255.255.0
no shut

On ports:

Switchport mode access 
Switchport access vlan 10
no shut

and for the squid server:

Switchport mode access 
Switchport access vlan 20
no shut

Basic config , should get you started. Now you can use the subnet where you need it , just make the ports access in vlan 10 / vlan 20 for the second subnet ps: have fun.

IPs overlaps on L3 cisco 3550 switch?

3 Answers3