Re: Does anyone know if this is possible?

From: Jerry (phase90@comcast.net)
Date: Tue Feb 25 2003 - 19:43:10 GMT-3


Thanks all who replied,

This is our PIX firewall bypass mechanism. It uses a multimode jumper from 8540, which is core of the inside network [ PIX inside interface ], to an OC-3 PAM on 8510, which is outside network [ connected to PIX outside ]. On the 8520 we have sub-interface a2/0/0.200

lane client 200 Public-subnet

198.154.18.1 / 24

There is a lane server on the 8540 and a le-arp entry for a2/0/0.200 on the 8510. From the 8540 I can always ping 198.154.18.1. I use IRB and dot1q 200 encapsulations on the Gig card interfaces to bring any access switch hanging off the 8540 into the public vlan. The Gig card sub-interfaces are in bridge-group 10 - BVI10 has no ip address - it is on the 8510.

From 8540 ...

interface ATM9/0/1.200 multipoint <<<--- ATM Routing Module
 no ip directed-broadcast
 lane client ethernet Public-subnet
 bridge-group 10

From 8510 ...

interface ATM2/0/0.200 multipoint
 description PUBLIC LANE SEGMENT
 ip address 198.154.18.1 255.255.255.0
 no ip directed-broadcast
 lane client ethernet Public-subnet

Today I tried static to ARM port - ip route 198.154.18.0 255.255.255.0 ATM9/0/1.200 and I have a redistribute static in the EIGRP session already. It didn't redistribute 198.154.18.0. Next I tried a static to the ATM PAM connecting to the 8510 ... ip route 198.154.18.0 255.255.255.0 ATM0/1/3
This also didn't work. Mind you the connectivity still works if your station is on a layer 2 trunk. All I'm trying to do is to get 198.154.18.0 to somehow get into the EIGRP session so that the routed 4006s can provide ip to the public subnet. No call in to TAC yet. If it can't be done then so be it!
Sorry for too long.

Jerry

----- Original Message -----
From: Brian Dennis <brian@labforge.com>
To: 'Mike Williams' <ccie2be@swbell.net>; 'Roberts, Larry'
<Larry.Roberts@expanets.com>; <ccielab@groupstudy.com>
Sent: Tuesday, February 25, 2003 11:33 AM
Subject: RE: Does anyone know if this is possible?

> Mike,
> Are you sure a static route pointing to an interface has a distance of 0
> and a static route pointing to an IP address has a distance of 1? See
> below.
>
> ip route 2.2.2.2 255.255.255.255 172.16.2.1
> ip route 2.2.2.2 255.255.255.255 Ethernet0
>
> Rack4R4#sho ip route 2.2.2.2
> Routing entry for 2.2.2.2/32
> Known via "static", distance 1, metric 0 (connected)
> ^^^^^^^^^^
> Routing Descriptor Blocks:
> * 172.16.2.1
> Route metric is 0, traffic share count is 1
> directly connected, via Ethernet0
> Route metric is 0, traffic share count is 1
>
> Rack4R4#conf t
> Rack4R4(config)#ip route 5.5.5.5 255.255.255.255 e0
> Rack4R4(config)#^Z
> Rack4R4#sho ip rout 5.5.5.5
> Routing entry for 5.5.5.5/32
> Known via "static", distance 1, metric 0 (connected)
> ^^^^^^^^^^
> Routing Descriptor Blocks:
> * directly connected, via Ethernet0
> Route metric is 0, traffic share count is 1
>
> Rack4R4#
>
> Looks like it has a distance of 1 to me ;-)
>
> Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
> brian@labforge.com
> http://www.labforge.com
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Mike Williams
> Sent: Tuesday, February 25, 2003 5:34 AM
> To: 'Roberts, Larry'; ccielab@groupstudy.com
> Subject: RE: Does anyone know if this is possible?
>
> That's only partially correct. There are 2 kinds of static routes: One
> that points to next hop L3 address which have an AD of 1, or one that
> points out the exit interface which have an AD of 0.
>
> But I'm in agreement with you in that I can't understand a reason why
> you'd want (need) to do this, unless your Dilbert-esque upper management
> requires it because they read about it in some industry magazine or
> something... LOL
>
> Mike W.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Roberts, Larry
> Sent: Monday, February 24, 2003 9:18 PM
> To: ccielab@groupstudy.com
> Subject: RE: Does anyone know if this is possible?
>
>
> A static route has an AD of 1. A directly connected interface has an AD
> of 0, so the directly connected interface would always win.
>
> I am curious as to why you would want to do this as well. I can't fathom
> a reason, so I'm sure that some Sr. Exec. has requested you do this :)
>
> Thanks
>
> Larry
>
> -----Original Message-----
> From: Cassidy D. Smith [mailto:csmith@plannetconsulting.com]
> Sent: Monday, February 24, 2003 7:30 PM
> To: 'Jerry'; ccielab@groupstudy.com
> Subject: RE: Does anyone know if this is possible?
>
>
> Can you explain WHY you need to do this? There may be some tricks we
> can do with host routes and policy routing. However understanding the
> problem may result in a more elegant and optimal solution. Like NAT or
> ICMP redirects. So if you can give us the "play by play" start with
> where a packet will be sourced and where its ultimate destination is.
>
>
> Cassidy
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Jerry
> Sent: Monday, February 24, 2003 2:58 PM
> To: ccielab@groupstudy.com
> Subject: Does anyone know if this is possible?
>
>
> Hello,
>
> I need to put a static route into an 8540, however its next hop ip
> address is in the same network I am routing to.
> Example -- ip route 198.64.10.0 255.255.255.0 198.64.10.1
> Does anyone know if this is possible?
>
>
> Jerry


