RE: NAT Outside & RIP unicast updates

From: john matijevic (matijevi@bellsouth.net)
Date: Fri Oct 08 2004 - 11:45:45 GMT-3


Hello,
This issue has been discussed already; this issue comes from the new
Cisco Press lab book, CCIE Routing and Switching Practice Labs, on page
34. You can review the lab debrief there. If you do a debug ip nat
detail on the source router, where your NAT configuration is, you
should see that the multicast is being translated to the unicast. Then
on the other end of the connection, if you do a debug ip packet detail,
you should see the unicast.

Sincerely,

John Matijevic, CCIE #13254, MCSE, CNE, CCEA
CEO
IgorTek Inc.
151 Crandon Blvd. #402
Key Biscayne, FL 33149
Hablo Espanol
305-321-6232
http://home.bellsouth.net/p/PWP-CCIE
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
jfaure@sztele.com
Sent: Friday, October 08, 2004 6:49 AM
To: Brian Dennis
Cc: ccielab@groupstudy.com; gladston@br.ibm.com; nobody@groupstudy.com
Subject: RE: NAT Outside & RIP unicast updates

Hi Group:

Firstly, sorry to bring up this "older" issue again, but until now I
have had no time to test it and I have some doubts. I am wondering how
to send only unicast updates with RIP NOT USING the NEIGHBOR command,
and 2 months ago I saw the attached mail, which seemed interesting.

I've tried to implement it on a very simple scenario:

R3-2600-- - - - - - - - - - - - - - - --R4-2513
                 s0/0.1 s0.1

My configs:

-R3-2600

interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 frame-relay lmi-type q933a
!
interface Serial0/0.1 point-to-point
 ip address 212.51.48.86 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 1006

router rip
 version 2
 network 212.51.48.0
 no auto-summary
!
ip nat outside source static udp 212.51.48.85 520 224.0.0.9 520 extendable

-R4-2513

interface Loopback0
 ip address 1.1.1.1 255.255.255.0

interface Serial0
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 frame-relay lmi-type q933a
!
interface Serial0.1 point-to-point
 ip address 212.51.48.85 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 1006

router rip
 version 2
 network 1.0.0.0
 network 212.51.48.0
 no auto-summary
!
ip nat outside source static udp 212.51.48.86 520 224.0.0.9 520 extendable

With this config, if I do a debug ip packet on router R3, I only see
unicast updates received, but none sent:

R3-2600#sh deb condit

Condition 1: interface Se0/0.1 (1 flags triggered)
        Flags: Se0/0.1

R3-2600#debug ip pack
IP packet debugging is on
R3-2600#
03:22:12: IP: s=212.51.48.85 (Serial0/0.1), d=212.51.48.86, len 52, rcvd 2
03:22:41: IP: s=212.51.48.85 (Serial0/0.1), d=212.51.48.86, len 52, rcvd 2

And at the other end, R4 only displays sent RIP updates, but to the
224.0.0.9 address (none received):
R4-2513#sh deb condit

Condition 1: interface Se0.1 (1 flags triggered)
        Flags: Se0.1

R4-2513#debug ip pack
IP packet debugging is on
R4-2513#
03:25:34: IP: s=212.51.48.85 (local), d=224.0.0.9 (Serial0.1), len 52, sending broad/multicast
03:26:01: IP: s=212.51.48.85 (local), d=224.0.0.9 (Serial0.1), len 52, sending broad/multicast

Curiously, the RIP "adjacency" is working fine; I can see the 1.1.1.1
address at R3 all the time:

R3-2600#sh ip route rip
     1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/1] via 212.51.48.85, 00:00:13, Serial0/0.1

Please, can anyone say if there is a way to allow only unicast updates
using RIP and NOT USING the NEIGHBOR command? Or maybe I am missing
something important in my configs? I don't understand how R3 doesn't
display in the "debug ip packet" output any packet sent to 224.0.0.9...
Can NAT translate "self-originated traffic" of a router?

By the way, I am using IOS 12.1.16 because my equipment has no resources
to install 12.2.

Regards

 

"Brian Dennis" <bdennis@internetworkexpert.com>
To: <gladston@br.ibm.com>, <ccielab@groupstudy.com>
cc:
Sent by: nobody@groupstudy.com
Subject: RE: NAT Outside
11/08/2004 20:25
Please respond to "Brian Dennis"

 

 

<Quote>
At first glance I would say that this example would translate the source
address with IP 172.16.0.2 to 224.0.0.9 when the packet goes from
outside to inside; ok, it would really do it if there was a response
for RIP updates, which is not the case.
</Quote>

The source IP address of a packet is never multicast. The translation
is changing the normal RIPv2 destination address of 224.0.0.9 to the
unicast address of 172.16.0.2.

The logic of the command is:
ip nat outside source static <global-ip> <local-ip>

In this case the original destination IP address of 224.0.0.9 (local-ip)
is NAT'ed to 172.16.0.2 (global-ip).

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Wednesday, August 11, 2004 10:47 AM
To: ccielab@groupstudy.com
Subject: NAT Outside

There is this example in the Cisco Lab Press book:

int fa 0/0
 ip ad 172.16.0.1
 ip nat outside
!
ip nat outside source static udp 172.16.0.2 520 224.0.0.9 520
!
end

The goal is to unicast RIP packets instead of broadcasting them to the
multicast address 224.0.0.9. I implemented it and it works really nicely.
What I would appreciate is any tip about the interpretation of a "nat
outside" statement when reading it.

At first glance I would say that this example would translate the source
address with IP 172.16.0.2 to 224.0.0.9 when the packet goes from
outside to inside; ok, it would really do it if there was a response
for RIP updates, which is not the case.

Is there a logical way to think about it? or just memorize?
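
Added example, not part of the original thread and not IOS code: a small Python model of how to read the `ip nat outside source static udp <global-ip> <port> <local-ip> <port>` lines quoted above, covering only the destination rewrite described in the thread (local-ip to global-ip). The `Packet` and `OutsideStatic` types, the function names and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:                 # hypothetical minimal packet model
    proto: str
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class OutsideStatic:          # one static outside-source port entry
    proto: str
    global_ip: str
    global_port: int
    local_ip: str
    local_port: int

def parse_entry(line: str) -> OutsideStatic:
    """Parse 'ip nat outside source static <proto> <global-ip> <port> <local-ip> <port> [extendable]'."""
    tok = line.split()
    if tok[:5] != ["ip", "nat", "outside", "source", "static"] or len(tok) < 10:
        raise ValueError("not a static outside-source port entry: " + line)
    proto, g_ip, g_port, l_ip, l_port = tok[5:10]
    ipaddress.ip_address(g_ip)    # raises ValueError on a malformed address
    ipaddress.ip_address(l_ip)
    return OutsideStatic(proto, g_ip, int(g_port), l_ip, int(l_port))

def translate_outbound(pkt: Packet, entry: OutsideStatic) -> Packet:
    """Destination rewrite described in the thread: local-ip becomes global-ip."""
    if (pkt.proto, pkt.dst, pkt.dport) == (entry.proto, entry.local_ip, entry.local_port):
        return replace(pkt, dst=entry.global_ip, dport=entry.global_port)
    return pkt                    # no matching entry: packet is left unchanged

def is_multicast(addr: str) -> bool:
    return ipaddress.ip_address(addr).is_multicast

# Config lines as quoted in the thread.
BOOK_LINE = "ip nat outside source static udp 172.16.0.2 520 224.0.0.9 520"
R4_LINE = "ip nat outside source static udp 212.51.48.86 520 224.0.0.9 520 extendable"

# Constructed sample packets: a RIPv2 update and unrelated multicast UDP traffic.
RIP_UPDATE = Packet("udp", "172.16.0.1", "224.0.0.9", 520)
OTHER_UDP = Packet("udp", "172.16.0.1", "224.0.0.9", 123)

if __name__ == "__main__":
    entry = parse_entry(BOOK_LINE)
    for pkt in (RIP_UPDATE, OTHER_UDP):
        out = translate_outbound(pkt, entry)
        print(pkt.dst, pkt.dport, "->", out.dst, out.dport,
              "multicast" if is_multicast(out.dst) else "unicast")
```
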



This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:45 GMT-3