Posted by Trendkill on May 5, 2008, 11:52 am
> > > You also said:
>
> > > > Option D would probably work but it is definitely a kludge.
>
> > > I hope that's true -- it would seem to be our only serious alternative to
> > > double NATing. I agree it's unusual -- do you know whether there's some
> > > specific downside, from the standpoint of performance or reliability? Do
> > > you think we will need arp proxy to make this work (which our current
> > > config does)?
>
> > if you configured say 70.x.x.2 on the "inside" FE router interface and
> > made that the default gateway for all the devices, then proxy ARP
> > could be disabled on the inside interface
>
> > Proxy ARP would need to be enabled on the outside interface to answer
> > ARP request for 70.x.x.y coming from the Verizon router @ 70.x.x.1
>
> > You could try the following to see if it works for you from both a
> > connectivity and a performance perspective, save your current config
> > before doing so.
>
> > int fa 0/0
> > description inside LAN interface
> > ip addr 70.x.x.2 255.255.255.192 ! default gateway for devices on LAN
>
> > int fa 0/1
> > description outside interface facing Verizon FIOS ONT
> > ip addr <any IP address / some mask>
> > ip proxy-arp ! in order to be able to answer ARP requests from 70.x.x.1
>
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 70.x.x.1
> > ip route 70.x.x.1 255.255.255.255 FastEthernet0/1
>
> I think the issue is that his range is ..64/26, and he was told to
> use .66 as his router w/ a 24 bit mask (so he can hit .1) and not to
> use anything else. Therefore I'm not sure he can put a different
> address on that external interface, and there is no easy way to subnet
> without cutting out half of his assigned addresses. If he uses the
> first set to assign a /30, then he can't get to Verizon's router, and
> if he could, then he can't easily subnet what's left without vlan'ing
> it into a /30, a /29, a /28, and a /27. What a pain, I'd be screaming
> at Verizon for a /30, even if it's not public.
I wonder if he could ask Verizon to put a secondary IP on the VLAN of
interface on their router, say .67. Assign a /31 point to point for
the router uplink, then have the router split up the /30, /29, /28, /27
(presuming his switch is not an L3 switch), and trunk it to the
switch. He will lose some addressing for network/broadcast addresses,
but this could work. He would then be effectively giving Verizon one
of his own addresses. Would that work?
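
The carve-up proposed in the post above, worked through as an added example that is not part of the original thread. The thread elides the real prefix (70.x.x.64/26), so the documentation range 192.0.2.64/26 is an assumed stand-in with the same last octets; the function names are illustrative.

```python
import ipaddress

# Constructed stand-in for the elided 70.x.x.64/26 assignment (assumption).
BLOCK = ipaddress.ip_network("192.0.2.64/26")
# Proposed point-to-point uplink: .66 on the customer router, .67 as the
# secondary address the ISP would add on its side.
UPLINK = ipaddress.ip_network("192.0.2.66/31")


def carve(block, uplink):
    """Return what is left of `block` once `uplink` is removed, largest first."""
    if not uplink.subnet_of(block):
        raise ValueError(f"{uplink} is not inside {block}")
    return sorted(block.address_exclude(uplink), key=lambda n: n.prefixlen)


def usable_hosts(net):
    """Addresses assignable to hosts; a /31 or /32 has no network/broadcast loss."""
    if net.prefixlen >= 31:
        return net.num_addresses
    return net.num_addresses - 2


def plan(block=BLOCK, uplink=UPLINK):
    """List (subnet, usable host count) for every remaining piece of the block."""
    return [(str(net), usable_hosts(net)) for net in carve(block, uplink)]


def lost_to_overhead(block=BLOCK, uplink=UPLINK):
    """Addresses spent on network/broadcast numbers across the LAN subnets."""
    return sum(n.num_addresses - usable_hosts(n) for n in carve(block, uplink))


if __name__ == "__main__":
    print(f"uplink {UPLINK}: {usable_hosts(UPLINK)} usable")
    for subnet, hosts in plan():
        print(f"{subnet:<18} {hosts:>2} usable")
    print(f"addresses lost to network/broadcast: {lost_to_overhead()}")
```

Removing the /31 leaves exactly one /27, one /28, one /29 and one /30, matching the sizes named in the post, plus a spare /31 at .64.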