RE: 2511 setup

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Tue Dec 23 2003 - 01:31:46 GMT-3

• Next message: Mark Rushby: "Study partner"
• Previous message: Brian McGahan: "RE: Break sequence for menu"
• Maybe in reply to: Hunt Lee: "2511 setup"
• Next in thread: David Hiers: "RE: 2511 setup"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Kurt,

        You cannot have a secondary address on an interface that gets an IP
via DHCP. However, there is a workaround.

        A DHCP server will ping an address before it leases that address
out. Therefore you can steal an address out of the provider's pool and
treat it as your own static address. Simply do an 'ip address dhcp' on the
Ethernet interface, and see what subnet the segment is using. Then pick an
address in that subnet to use. As the DHCP server typically starts at the
bottom of the pool and counts up, it is advisable to pick an address towards
the end of the pool. Make sure you ping the address first to ensure that no
one else is using it.

        Also if you want to use DNS to reach your home network take a look
at a dynamic DNS service such as http://www.dyndns.org.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 708-362-1418 (Outside the US and Canada)

> -----Original Message-----
> From: Kurt Kruegel [mailto:kurt@cybernex.net]
> Sent: Monday, December 22, 2003 9:56 PM
> To: Brian McGahan
> Subject: Re: 2511 setup
>
> thanks
> what about a situation where you don't know the isp address
> and the cable provider hands it out via dhcp.
> can you use ip address dhcp
> on the secondary interface to make a dhcp client ?
>
> ----- Original Message -----
> From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> To: "'Kurt Kruegel'" <kurt@cybernex.net>
> Sent: Monday, December 22, 2003 9:44 PM
> Subject: RE: 2511 setup
>
>
> > Kurt,
> >
> > Yes, it's called nat on a stick:
> >
> >
> http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a00
> 80
> > 094430.shtml
> >
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987
> > Direct: 708-362-1418 (Outside the US and Canada)
> >
> >
> > > -----Original Message-----
> > > From: Kurt Kruegel [mailto:kurt@cybernex.net]
> > > Sent: Monday, December 22, 2003 7:02 PM
> > > To: Brian McGahan
> > > Subject: Re: 2511 setup
> > >
> > > wow !!!
> > > i had no idea ....
> > > is there a link i could look @ ?
> > >
> > >
> > > ----- Original Message -----
> > > From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> > > To: "'Joseph Rinehart'" <jjrinehart@hotmail.com>;
> > > <ccielab@groupstudy.com>;
> > > <huntl@webcentral.com.au>
> > > Sent: Monday, December 22, 2003 1:16 PM
> > > Subject: RE: 2511 setup
> > >
> > >
> > > > Actually yes you can do this. Plug your inside network and outside
> > > > network into the same broadcast segment (same VLAN/hub etc) and run
> NAT
> > > on
> > > a
> > > > stick. This way the Ethernet of the 2511 is both the inside and the
> > > outside
> > > > interface. Here's a code snippet:
> > > >
> > > > interface Loopback0
> > > > description ANY ARBITRARY ADDRESS
> > > > ip address 192.168.255.255 255.255.255.255
> > > > ip nat inside
> > > > !
> > > > interface Ethernet0
> > > > description PRIMARY IS PUBLIC, SECONDARY IS PRIVATE
> > > > ip address 192.168.1.1 255.255.255.0 secondary
> > > > ip address 1.2.3.4 255.255.255.0
> > > > ip nat outside
> > > > ip policy route-map POLICY
> > > > !
> > > > ip nat pool INSIDE_GLOBAL 1.2.3.4 1.2.3.4 netmask 255.255.255.0
> > > > ip nat inside source list INSIDE_LOCAL pool INSIDE_GLOBAL overload
> > > > ip route 0.0.0.0 0.0.0.0 1.2.3.1
> > > > !
> > > > ip access-list standard INSIDE_LOCAL
> > > > remark THE INSIDE LOCAL NAT POOL
> > > > permit 192.168.1.0 0.0.0.255
> > > > !
> > > > ip access-list extended POLICY
> > > > remark MATCH ANY TRAFFIC ORIGINATED FROM PRIVATE HOSTS
> > > > permit ip 192.168.1.0 0.0.0.255 any
> > > > !
> > > > route-map POLICY permit 10
> > > > description MATCH ANY TRAFFIC ORIGINATED FROM PRIVATE HOSTS AND
> SEND
> IT
> > > > THROUGH THE NAT PROCESS
> > > > match ip address POLICY
> > > > set interface Loopback0
> > > > !
> > > > route-map POLICY deny 20
> > > > !
> > > > end
> > > >
> > > > Brian McGahan, CCIE #8593
> > > > bmcgahan@internetworkexpert.com
> > > >
> > > > Internetwork Expert, Inc.
> > > > http://www.InternetworkExpert.com
> > > > Toll Free: 877-224-8987
> > > > Direct: 708-362-1418 (Outside the US and Canada)
> > > >
> > > > > -----Original Message-----
> > > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf
> > > Of
> > > > > Joseph Rinehart
> > > > > Sent: Monday, December 22, 2003 10:31 AM
> > > > > To: ccielab@groupstudy.com
> > > > > Subject: Re: 2511 setup
> > > > >
> > > > > are you running any type of NAT?
> > > > > ----- Original Message -----
> > > > > From: "Hunt Lee" <huntl@webcentral.com.au>
> > > > > To: <ccielab@groupstudy.com>
> > > > > Sent: Sunday, December 21, 2003 4:25 PM
> > > > > Subject: 2511 setup
> > > > >
> > > > >
> > > > > > Hi guys,
> > > > > >
> > > > > > I only have 1 public IP...
> > > > > >
> > > > > > Internet ------ ADSL modem ------ 2511
> > > > > >
> > > > > > Currently, I have to get to my home's PC behind the ADSL modem,
> and
> > > then
> > > > > > telnet from there to my 2511.
> > > > > >
> > > > > > All I wanted to do is to be able to telnet into my 2511 directly
> > > from
> > > > > > the Internet. Is this possible?
> > > > > >
> > > > > > Cheers,
> > > > > > L.
> > > > > >
> > > > > >
> > >
> _______________________________________________________________________
> > > > > > Please help support GroupStudy by purchasing your study
> materials
> > > from:
> > > > > > http://shop.groupstudy.com
> > > > > >
> > > > > > Subscription information may be found at:
> > > > > > http://www.groupstudy.com/list/CCIELab.html
> > > > >
> > > > >
> > >
> _______________________________________________________________________
> > > > > Please help support GroupStudy by purchasing your study materials
> > > from:
> > > > > http://shop.groupstudy.com
> > > > >
> > > > > Subscription information may be found at:
> > > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> _______________________________________________________________________
> > > > Please help support GroupStudy by purchasing your study materials
> from:
> > > > http://shop.groupstudy.com
> > > >
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html

• Next message: Mark Rushby: "Study partner"
• Previous message: Brian McGahan: "RE: Break sequence for menu"
• Maybe in reply to: Hunt Lee: "2511 setup"
• Next in thread: David Hiers: "RE: 2511 setup"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:44 GMT-3