RE: 2511 setup

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Tue Dec 23 2003 - 18:52:52 GMT-3


David,

        True. It's typically an option that is not on by default on the
server if supported. In other words, use at your own risk as ymmv ;)

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 708-362-1418 (Outside the US and Canada)

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> David Hiers
> Sent: Tuesday, December 23, 2003 8:56 AM
> To: ccielab@groupstudy.com
> Subject: RE: 2511 setup
>
> One gotcha in the crime plan... RFC 2131 indicates that the pinging
> described below is a SHOULD, not a MUST type requirement. There might be
> compliant servers that do not test before allocating.
>
> David
>
>
> ********************************************
> David Hiers
> CCIE, CISSP
> ADP Dealer Services
> 2525 SW First Avenue
> Portland, OR 97201
>
> v: 503 402 3703
> email: david_hiers@adp.com
> ********************************************
>
>
> -----Original Message-----
> From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
> Sent: Monday, December 22, 2003 8:32 PM
> To: 'Kurt Kruegel'; ccielab@groupstudy.com
> Subject: RE: 2511 setup
>
>
> Kurt,
>
> You cannot have a secondary address on an interface that gets an IP
> via DHCP. However, there is a workaround.
>
> A DHCP server will ping an address before it leases that address
> out. Therefore you can steal an address out of the provider's pool and
> treat it as your own static address. Simply do an 'ip address dhcp' on
> the Ethernet interface, and see what subnet the segment is using. Then
> pick an address in that subnet to use. As the DHCP server typically
> starts at the bottom of the pool and counts up, it is advisable to pick
> an address towards the end of the pool. Make sure you ping the address
> first to ensure that no one else is using it.
>
> Also if you want to use DNS to reach your home network take a look
> at a dynamic DNS service such as http://www.dyndns.org.
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 708-362-1418 (Outside the US and Canada)
>
>
> > -----Original Message-----
> > From: Kurt Kruegel [mailto:kurt@cybernex.net]
> > Sent: Monday, December 22, 2003 9:56 PM
> > To: Brian McGahan
> > Subject: Re: 2511 setup
> >
> > thanks
> > what about a situation where you don't know the isp address
> > and the cable provider hands it out via dhcp.
> > can you use ip address dhcp
> > on the secondary interface to make a dhcp client ?
> >
> > ----- Original Message -----
> > From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> > To: "'Kurt Kruegel'" <kurt@cybernex.net>
> > Sent: Monday, December 22, 2003 9:44 PM
> > Subject: RE: 2511 setup
> >
> >
> > > Kurt,
> > >
> > > Yes, it's called nat on a stick:
> > >
> > >
> > > http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
> > >
> > >
> > > HTH,
> > >
> > > Brian McGahan, CCIE #8593
> > > bmcgahan@internetworkexpert.com
> > >
> > > Internetwork Expert, Inc.
> > > http://www.InternetworkExpert.com
> > > Toll Free: 877-224-8987
> > > Direct: 708-362-1418 (Outside the US and Canada)
> > >
> > >
> > > > -----Original Message-----
> > > > From: Kurt Kruegel [mailto:kurt@cybernex.net]
> > > > Sent: Monday, December 22, 2003 7:02 PM
> > > > To: Brian McGahan
> > > > Subject: Re: 2511 setup
> > > >
> > > > wow !!!
> > > > i had no idea ....
> > > > is there a link i could look @ ?
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> > > > To: "'Joseph Rinehart'" <jjrinehart@hotmail.com>;
> > > > <ccielab@groupstudy.com>;
> > > > <huntl@webcentral.com.au>
> > > > Sent: Monday, December 22, 2003 1:16 PM
> > > > Subject: RE: 2511 setup
> > > >
> > > >
> > > > > Actually yes you can do this. Plug your inside network and outside
> > > > > network into the same broadcast segment (same VLAN/hub etc) and run
> > > > > NAT on a stick. This way the Ethernet of the 2511 is both the inside
> > > > > and the outside interface. Here's a code snippet:
> > > > >
> > > > > interface Loopback0
> > > > >  description ANY ARBITRARY ADDRESS
> > > > >  ip address 192.168.255.255 255.255.255.255
> > > > >  ip nat inside
> > > > > !
> > > > > interface Ethernet0
> > > > >  description PRIMARY IS PUBLIC, SECONDARY IS PRIVATE
> > > > >  ip address 192.168.1.1 255.255.255.0 secondary
> > > > >  ip address 1.2.3.4 255.255.255.0
> > > > >  ip nat outside
> > > > >  ip policy route-map POLICY
> > > > > !
> > > > > ip nat pool INSIDE_GLOBAL 1.2.3.4 1.2.3.4 netmask 255.255.255.0
> > > > > ip nat inside source list INSIDE_LOCAL pool INSIDE_GLOBAL overload
> > > > > ip route 0.0.0.0 0.0.0.0 1.2.3.1
> > > > > !
> > > > > ip access-list standard INSIDE_LOCAL
> > > > >  remark THE INSIDE LOCAL NAT POOL
> > > > >  permit 192.168.1.0 0.0.0.255
> > > > > !
> > > > > ip access-list extended POLICY
> > > > >  remark MATCH ANY TRAFFIC ORIGINATED FROM PRIVATE HOSTS
> > > > >  permit ip 192.168.1.0 0.0.0.255 any
> > > > > !
> > > > > route-map POLICY permit 10
> > > > >  description MATCH ANY TRAFFIC ORIGINATED FROM PRIVATE HOSTS AND SEND IT THROUGH THE NAT PROCESS
> > > > >  match ip address POLICY
> > > > >  set interface Loopback0
> > > > > !
> > > > > route-map POLICY deny 20
> > > > > !
> > > > > end
> > > > >
> > > > > Brian McGahan, CCIE #8593
> > > > > bmcgahan@internetworkexpert.com
> > > > >
> > > > > Internetwork Expert, Inc.
> > > > > http://www.InternetworkExpert.com
> > > > > Toll Free: 877-224-8987
> > > > > Direct: 708-362-1418 (Outside the US and Canada)
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > > > > Joseph Rinehart
> > > > > > Sent: Monday, December 22, 2003 10:31 AM
> > > > > > To: ccielab@groupstudy.com
> > > > > > Subject: Re: 2511 setup
> > > > > >
> > > > > > are you running any type of NAT?
> > > > > > ----- Original Message -----
> > > > > > From: "Hunt Lee" <huntl@webcentral.com.au>
> > > > > > To: <ccielab@groupstudy.com>
> > > > > > Sent: Sunday, December 21, 2003 4:25 PM
> > > > > > Subject: 2511 setup
> > > > > >
> > > > > >
> > > > > > > Hi guys,
> > > > > > >
> > > > > > > I only have 1 public IP...
> > > > > > >
> > > > > > > Internet ------ ADSL modem ------ 2511
> > > > > > >
> > > > > > > Currently, I have to get to my home's PC behind the ADSL modem, and
> > > > > > > then telnet from there to my 2511.
> > > > > > >
> > > > > > > All I wanted to do is to be able to telnet into my 2511 directly
> > > > > > > from the Internet. Is this possible?
> > > > > > >
> > > > > > > Cheers,
> > > > > > > L.
> > > > > > >
> > > > > > >
> > > > > > > _______________________________________________________________________
> > > > > > > Please help support GroupStudy by purchasing your study materials from:
> > > > > > > http://shop.groupstudy.com
> > > > > > >
> > > > > > > Subscription information may be found at:
> > > > > > > http://www.groupstudy.com/list/CCIELab.html

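An added example, not part of the original thread: because the pre-allocation ping David mentions is only a SHOULD in RFC 2131, an operator cannot count on the DHCP server noticing a host that has statically taken a pool address, but reconciling the ARP cache against the lease table will show it. The simplified "ip mac" input format, the addresses and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the thread): simplified "ip mac" lines,
# e.g. exported from a DHCP server's lease table and a router's ARP cache.
LEASES = """\
192.0.2.10 0000.5e00.5301
192.0.2.11 0000.5e00.5302
192.0.2.12 0000.5e00.5303
"""
ARP = """\
192.0.2.1    0000.5e00.53aa
192.0.2.10   0000.5e00.5301
192.0.2.11   0000.5e00.53ff
192.0.2.250  0000.5e00.53ee
198.51.100.7 0000.5e00.53dd
"""

def parse_table(text):
    """Parse 'ip mac' lines into {IPv4Address: mac with separators removed}."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # skip blank or malformed lines
        mac = fields[1].lower().replace(".", "").replace(":", "").replace("-", "")
        table[ipaddress.ip_address(fields[0])] = mac
    return table

def find_unleased(pool_first, pool_last, leases, arp, excluded=()):
    """Return (ip, mac, reason) for pool addresses in ARP that match no lease."""
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)
    skip = {ipaddress.ip_address(a) for a in excluded}
    findings = []
    for ip, mac in sorted(arp.items()):
        if not first <= ip <= last or ip in skip:
            continue  # outside the dynamic pool, or a known static host
        if ip not in leases:
            findings.append((str(ip), mac, "no-lease"))       # address in use, never leased
        elif leases[ip] != mac:
            findings.append((str(ip), mac, "mac-mismatch"))   # leased to a different client
    return findings

def demo():
    # Pool covers the whole subnet; the gateway is a known static address.
    return find_unleased("192.0.2.1", "192.0.2.254",
                         parse_table(LEASES), parse_table(ARP),
                         excluded=["192.0.2.1"])

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```
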


This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:44 GMT-3