LAN subnetting not allowed?

GruensFroeschli

What Julf is trying to do sounds to me a lot like a filtering bridge.

Basically:
Create a vlan100 for your device-group1.
Create a vlan200 for your device-group2.
Create a bridge containing vlan100 and vlan200.
Assign the bridge as interface.
Do all your IP configuration on the assigned bridge interface. (DHCP server?) –> No IP configuration on the vlan interfaces.
Create firewall rules on the vlan100/vlan200/bridge interfaces accordingly.

Now you have 2 vlans with the same subnet and the ability to create firewall rules which allowed you to defines how devices between these two vlan talk to each other.

However as the rest of this thread pointed out:
A less complicated solution would be to simply have 2 subnets.
If you have a single /24 assigned for your own use, simply use it as two /25.
To the outside you still appear as a /24, but internally you are two /25.

Julf

@GruensFroeschli:

What Julf is trying to do sounds to me a lot like a filtering bridge.

Hadn't thought about a bridge - that could be a solution.

However as the rest of this thread pointed out:
A less complicated solution would be to simply have 2 subnets.
If you have a single /24 assigned for your own use, simply use it as two /25.
To the outside you still appear as a /24, but internally you are two /25.

Indeed, as long as I can fit all the "normal" hosts in a /25 - should be possible.

johnpoz

"Hadn't thought about a bridge - that could be a solution."

No it wouldn't it would be pretty much an abomination!!  So you can do exactly the same freaking thing.. Use part of your /24 network on 1 side ie your /25 and then subset of that /24 on your other side Ie /26..

Why do you not just do as we have be saying from the get go subnet your /24 down..  You can do exactly what you want, you just can not overlap..

The big question is how many hosts do you have??  As I mentioned before if you have more than /25 that need to be on same network and this /24 is assigned to you then your going to need more networks or bigger network.

I am very curious in what sort scenario your in were they are limiting you to 1 /24??  the 10 space is freaking HUGE.. How many sites/locations are you talking that you can only have 1 /24?? 65k of them?

Julf

@johnpoz:

I am very curious in what sort scenario your in were they are limiting you to 1 /24??  the 10 space is freaking HUGE.. How many sites/locations are you talking that you can only have 1 /24?? 65k of them?

Some times the problems are not technical but political. I will request a larger address space.