From: Alexander Arsenyev (GU/ETL) (alexander.arsenyev@ericsson.com)
Date: Sat Jun 26 2004 - 16:36:38 GMT-3
Hello,
Is anyone still interested in finding solutions alternative to NAT?
Then I've managed to find yet another solution or, better to say, a modification of my "summary network as secondary"
solution, without static ARP entries. The trick is to assign the secondary addresses to Cat3550 L3 interface AND to R5' Eth0 interface as well. This way Cat3550 can answer pings from ALL lab subnetworks within 142.6.0.0/16 range (lab supernet/summary).
Please see configs below (long text):
Cat3550#sh run
Building configuration...
Current configuration : 2350 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cat3550
!
!
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
interface Loopback0
ip address 150.6.8.8 255.255.255.0
!
interface FastEthernet0/1
switchport mode dynamic desirable
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport mode dynamic desirable
!
interface FastEthernet0/4
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport mode dynamic desirable
!
interface FastEthernet0/6
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport mode dynamic desirable
!
interface FastEthernet0/8
switchport mode dynamic desirable
!
interface FastEthernet0/9
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport mode dynamic desirable
!
interface FastEthernet0/11
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport mode dynamic desirable
!
interface FastEthernet0/13
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport mode dynamic desirable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 142.6.255.254 255.255.0.0 secondary <----Cat3550 sees all lab subnetworks as directly connected
ip address 142.6.58.35 255.255.255.0
!
ip classless
ip http server
!
alias exec ib sh ip int brief
alias exec ir show ip route
alias exec io show ip ospf
alias exec ig show ip bgp
!
line con 0
exec-timeout 0 0
privilege level 15
line vty 0 4
privilege level 15
no login
line vty 5 15
privilege level 15
no login
!
!
end
Cat3550#
R5>en
R5#sh run
Building configuration...
Current configuration:
!
version 11.0
service udp-small-servers
service tcp-small-servers
!
hostname R5
!
!
ip subnet-zero
!
interface Loopback0
ip address 142.6.13.5 255.255.255.0
!
interface Loopback1
ip address 142.6.14.5 255.255.255.0
!
interface Loopback2
ip address 142.6.23.5 255.255.255.0
!
interface Loopback3
ip address 142.6.43.5 255.255.255.0
!
interface Ethernet0
ip address 142.6.255.253 255.255.255.252 secondary <---this makes R5 to answer ARP requests from Cat3550
ip address 142.6.58.5 255.255.255.0
no ip mroute-cache
!
interface Serial0
no ip address
no ip mroute-cache
shutdown
!
interface Serial1
no ip address
no ip mroute-cache
shutdown
!
ip classless
ip route 150.6.8.0 255.255.255.0 142.6.58.35
logging buffered 65536
alias exec ib show ip int brief
alias exec ir show ip route
alias exec io show ip ospf
alias exec ig show ip bgp
!
line con 0
line 1 16
no exec
transport input telnet
line aux 0
transport input all
line vty 0 4
password cisco
login
!
end
Proof of concept:
- ARP table on Cat3550 before test
Cat3550#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 142.6.255.254 - 0008.e3c3.7b00 ARPA Vlan1
Internet 142.6.58.35 - 0008.e3c3.7b00 ARPA Vlan1
- Pings from Cat3550:
Cat3550#ping 142.6.13.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 142.6.13.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
Cat3550#ping 142.6.14.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 142.6.14.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
Cat3550#ping 142.6.23.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 142.6.23.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
Cat3550#ping 142.6.43.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 142.6.43.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
- Pings from R5:
R5#ping
Protocol [ip]:
Target IP address: 150.6.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: Loopback0
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.6.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R5#ping
Protocol [ip]:
Target IP address: 150.6.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: Loopback1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.6.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R5#ping
Protocol [ip]:
Target IP address: 150.6.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 142.6.23.5
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.6.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R5#ping
Protocol [ip]:
Target IP address: 150.6.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 142.6.43.5
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.6.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R5#
- Cat3550 ARP table after the test:
Cat3550#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 142.6.13.5 0 0010.7be8.7281 ARPA Vlan1
Internet 142.6.14.5 0 0010.7be8.7281 ARPA Vlan1
Internet 142.6.255.254 - 0008.e3c3.7b00 ARPA Vlan1
Internet 142.6.58.35 - 0008.e3c3.7b00 ARPA Vlan1
Internet 142.6.23.5 0 0010.7be8.7281 ARPA Vlan1
Internet 142.6.43.5 0 0010.7be8.7281 ARPA Vlan1
Any comments?
HTH,
Cheers
Alex
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:50 GMT-3