Do you need use of all 61 available addresses? Because another option that one of the other responders proposed was to put part of the space on the outside interface and part on the inside, like so:

    int fa 0/0
     description inside LAN interface
     ip addr 70.x.x.98 255.255.255.224 ! default gateway
    int fa 0/1
     description outside interface facing Verizon FIOS ONT
     ip addr 70.x.x.66 255.255.255.224
     ip proxy-arp ! to answer ARP requests from 70.x.x.1
    ip classless
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 70.x.x.1

You can use a small block on the outside and then add secondary address blocks to the inside if you want to go to the bother.
Yes, except you would need to ensure Verizon adds a route (or turns up a protocol) to ensure that they know how to get back into the second half of your range. They would also need to turn up a secondary address, as .98/27 doesn't include .1, which is the gateway. You could turn up .68/30 with .69 as their secondary IP, .70 as your router, and then .96/27 on the inside interface. You'd lose .71-.95 unless you want to subinterface the router's connection back to the internal switch and trunk a /29, /28, and /27 instead. Although since Verizon doesn't seem to be able to do anything but transfer your calls, they probably won't turn up a secondary interface (even if it's in your address range), and most likely will not add a static route for those subnets. May be worth a call though.....
No - proxy ARP should take care of this if it is enabled on the Cisco WAN interface. The Cisco will respond to ARP requests where it is the preferred route to the destination IP - in this case any IP addresses on the LAN side of the Cisco. You can map further blocks on the LAN with static routes to the LAN side interface if the WAN side is only a small block such as a /30.

    ip route 70.x.x.80 255.255.255.240 FastEth 0/0

for example maps another 16 addresses.

> They would also need to turn up a secondary

Golden rule with a carrier who doesn't seem to have systems to do something is not to ask for anything non-standard (i.e. not standard for them). Even if you get it sorted and it works, can you get it to stay like that, or will someone "fix" it for you when they notice?
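As an added illustration (not part of any post in this thread), here is a simplified Python model of the proxy-ARP rule described in the reply above, applied to the /30-outside, /27-inside layout and the extra /28 static route from the posts. The 192.0.2.x prefix stands in for the elided 70.x.x addresses, and the interface labels and function names are assumptions.

```python
import ipaddress

# Constructed stand-in: the thread elides the real prefix as 70.x.x, so the
# documentation range 192.0.2.0/24 is used with the same final octets.
PREFIX = "192.0.2."

# Specific routes only (assumed layout taken from the posts above): a /30 on
# the WAN side, the /27 on the LAN, and the extra /28 static toward the LAN.
ROUTES = [
    (ipaddress.ip_network(PREFIX + "68/30"), "fa0/1"),  # connected, WAN
    (ipaddress.ip_network(PREFIX + "96/27"), "fa0/0"),  # connected, LAN
    (ipaddress.ip_network(PREFIX + "80/28"), "fa0/0"),  # static toward LAN
]


def best_route(ip, routes=ROUTES):
    """Longest-prefix match; returns the exit interface or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def proxy_arp_reply(arrival_if, target_ip, routes=ROUTES):
    """Simplified rule: answer an ARP request only when a route to the
    target exists and it leaves by a different interface than the one the
    request arrived on."""
    exit_if = best_route(target_ip, routes)
    return exit_if is not None and exit_if != arrival_if


def answered_octets(arrival_if, block, routes=ROUTES):
    """Final octets in `block` the router would proxy-answer for."""
    return [int(a) & 0xFF for a in ipaddress.ip_network(block)
            if proxy_arp_reply(arrival_if, str(a), routes)]


if __name__ == "__main__":
    hits = answered_octets("fa0/1", PREFIX + "64/26")
    print("WAN-side ARP answered for .%d-.%d" % (hits[0], hits[-1]))
    print(".75 answered:", proxy_arp_reply("fa0/1", PREFIX + "75"))
```

In this model, addresses between the /30 and the first routed block (such as .75) get no proxy-ARP answer on the WAN side until a route toward the LAN covers them.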
| Based on numerous tests, I have come to the conclusion that the
| router/switch on Verizon's side is totally spoof protected: It will not
| respond to an ARP query unless the source address is one of the 61 addresses
| assigned to us

You could always add a static ARP entry for Verizon's gateway on your end and proceed with option D as I indicated. Of course, if they change their MAC address you will lose connectivity until you adapt.

| (we've tried .2 and also tried assigning 10.1.1.1 to the
| outside of the router, and giving a static route to our gateway.) In one
| case, .2 worked briefly -- probably because we had just switched over, and it
| had an association of our MAC address with a valid IP.

Possibly there had been an incoming packet to which your router had responded as a proxy. That would not look spoofed since the address would be in your range, and in any case your router would have picked up the MAC address of Verizon's router in the process.

Dan Lanciani
[email protected]*com
Would a sub interface help here at all? Say

    interface FastEthernet0/1.1

I haven't read the whole thread yet, but that might help if you only wanted certain traffic using it?

Charles