Inconsistent Subnet Mask

I am working on a network where the inside interface of the edge router is addressed as Its peer is R2 addressed as R2 also has an interface addressed as that goes to R3 ( in another office.

I do not know whether the inconsistent use of the subnet mask was accidental or intentional. Even if this is completely OK, I need to understand how this works so I can properly set the mask for other devices on the 10.1.1.x network.

Please explain how to determine the effects of using inconsistent subnet masks.

Reply to
Loading thread data ...

Its doubtful that it was intentional, most likely totally a total accident or lack of thought process that goes into it.

All is not lost though.

The subnet mask is a fairly simple construct.

It simply differentiates the IP range. Having overlapping ranges is not an error, or will cause major problems, just simple ones.

The worst thing that happens is that R1, nor anybody behind R1 will be able to reach R2 and R3. Assuming there are other IP ranges behind R2 and R3, those other IP ranges will be routable and fully available.

Because, according to its subnet mask setting, should be part of its inside interface. So, it will not forward along packets destined for, but instead assume something on the inside interface will speak up for them (ie. ARP respond for them) and route there.

Note, this can change depending on smaller subnet routes entered into R1, but might not be worth it.

The main consideration if you want to change this is if you want to monitor R2 & R3 from behind R1, it might be best to renumber everything to be seperate and distinct, but its not going to break anything hard to leave it this way.

Reply to
Doug McIntyre

Doug, Thanks for trying to help me with this. I've thought a lot about what you said. If I understood you correctly, the problem with inconsistent subnet masks is that it causes address resolution issues. Is this correct?

After do> The worst thing that happens is that R1, nor anybody behind R1 will be

I understand why R1 might not be able to reach R3 (see below) but not why R1 would not be able to reach R2. R2 is directly connected to R1 and on its /24 subnet.

As I understand it, R1 will ARP for any devices on connected networks, then create the L2 header and forward packets directly to the destination. If so, R1 will ARP for R2, which will respond for itself. Right?

To send packets to R3, R1 will need R2's MAC. From what I read, it seems that there should be two ways for R1 to get this: (a) install a permanent mapping for R3's MAC in R1's ARP cache (b) turn on proxy ARP in R2 for R3

Please let me know if I've misunderstood some key (or minor) point here. Thanks! Bob

Reply to

Yes to reach R3 (, R1 ( will simply ARP for By default on Cisco Proxy ARP is enabled so unless it has been turned off with no ip proxy-arp, R2 will respond with it's MAC and R1 will install R2's MAC for R3. Confused?

After ping ping

R1's ARP table will look like R2-MAC R2-MAC

I always use consistent masks and if I remember I turn off proxy ARP to reduce possible (future) confusion.

You pretty much seem to have cracked it. I wrote the following before I read your second post and I may as well post it now:(

The subnet mask specifies which addresses are local to the interface and which are remote. Remote addresses are accessed via the routing table (maybe containing only the default gateway) and local addresses are accessed directly simply using ARP. Sometimes the router (also called a gateway) will be configured to do proxy ARP and will respond on behalf of remote addresses. On Cisco routers proxy ARP is enabled by default. I always turn it off in the basis that I want to know how the network works and don't want to relay on hidden magic.

There is NO ALTERNATIVE to getting into the binary to understand subnet masks.

In your case and will communicate correctly since they both agree that both are local to each other. thinks that local addresses are: with reserved and for directed broadcast thinks that local addresses are: with reserved and for directed broadcast

I have been doing this so long and these are easy addresses so the above ranges and stuff just come into my head without any effort at all:-)

Since the directed broadcast address is virtually never used BOTH agree that and are on the same network and both ARP for each other so all is well.

The best thing is to get the inconsistent masks fixed at some time so that there is no confusion as to how the network might be working.

If you want more help post the routing tables and arp cache entries for the devices with any further questions.

The inconsistent masks will on the other hand break some/many/all dynamic routing protocols. I don't care whether it is some or many or all 'cos I simply always use consistent subnet masks.

Reply to

bod43, Thanks for the detailed reply. I believe I now have a firm grasp of the key concepts of subnet mask and arp, and how they are related. Bob

Reply to
bobneworleans Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.