Two network segments talked to each other, and today we'll give you a deeper understanding
Good afternoon, everyone!
In the day-to-day work of network engineers, we often encounter the need for interoperability between multiple different network segments. For example, the office network uses the 192.168.1.0 / 24 network segment, while the server room uses the network segment 192.168.2.0 / 24. The two need to be connected in two ways, so how do we configure them? Today we will delve into this classical network problem.
For more information, please scan the WhatsApp QR code below to contact customer service.
01 Scenarios
We have two typical private network segments:
· Network segmentA : 192.168.1.0/24 (Mask 255.255.255 0)
· Network segmentB : 192.168.2.0/24 (Mask 255.255.255 0)
Objective : The host in A network segment can communicate with the host in B network segment
Common application scenarios include:
· Different floors or areas are divided into different subnets;
· Separate management of multiple departments and access to business interoperability;
· Use VLAN + three-layer switch to realize network partition .
02 Three common ways of network interconnection
Way 1: Through a three-tiered device (recommended way)
The most standard practice is to use a three-layer switch or a router to communicate across network segments .
The configuration idea:
1. Configure one for each subnet Gateway Interface (SVI or sub-interface) ;
2. The default gateway for each host is set to the interface address of its network segment;
3. Enables the routing capabilities of three-tier devices.
Sample configuration ( Huawei switch ) :
Host gateway configuration:
· A network segment host : set the gateway to 192.168.1.1
· B network segment host : set the gateway to 192.168.2.1
This way , the equipment can be completed by the three-layer forwarding of the switch , simple and efficient , recommended
Option 2: forwarding via static routing or dual-network card host
In the absence of a three-layer switch , we can use a host with two network cards or a Linux router for communication .
The configuration idea:
1. Prepare a host that connects two segments at the same time ( or virtual machine ) ;
2. Turn on IP forwarding function;
3. Configure static routing to point to this host.
Example ( Linux forwarding ) :
Then configure static routes on both hosts to point to this Linux host , for a temporary or resource-constrained scenario .
Option 3: Firewall or router policy interoperability
If firewalls and routers are deployed in the network (such as Huawei USG, Cisco ASA, RuijieRG-WALL) ,You can also configure security policies and routing rules to enable communication.
Configuration steps:
1. Configure two interfaces in the firewall to access different network segments;
2. Add routing for two network segments;
3. Configure a security policy that allows two areas to access each other.
03 FAQs
Q1 : The IP addresses of the two network segments are not in conflict . Why can 't they communicate directly ? A: IP conflict ≠ can communicate。The data between different subnets needs to be forwarded by a three-layer device , otherwise it cannot be broadcast or addressed directly in the two-layer network.
Q2 : I have a three-layer switch , but I still can 't communicate . What could be the reason ? A : Check the following points :
· Is the host gateway correct?
· Whether the layer 3 device has ip routing enabled;
· Whether there are ACL, VLAN isolation and other policy blocking.
Summary Recommendations
Method
| characteristic
| Applicable scenarios
|
Three-layer Inter changer / VLANIF
| Efficient and stable, mainstream approach
| Enterprise network, campus network
|
Two-network card host forwarding
| Low cost, flexible configuration
| Temporary tests, small networking
|
Firewalls routing strategy
| Secure and controllable, complex configuration
| Multi-zone segregation and compliance scenarios
|
It is recommended that in a formal network environment , three-layer switches or routing devices should be used for standard forwarding , to ensure stability and maintainability in the future .
We've shared our content here today! Communication between different network segments is the most basic but crucial part of network planning. Hope this article helps you to take fewer detours in actual deployments!
