03-13-2008 02:48 PM - edited 03-03-2019 09:07 PM
Hi, I have a T1 connected to the internet. The WAN address is assigned to the ethernet 0/0 interface. We have a secondary IP address on the ethernet 0/0 interface that is a private address that belongs to the LAN. Someone before me set this up and I don't know why it was done that way. Can anyone tell me any benefits of this configuration, or a reason why you would do this? I would like to get rid of the WAN address because it causes some minor issues. Here is the config.
interface Serial0/3/0
 mtu 4470
 no ip address
 encapsulation frame-relay IETF
 ip route-cache flow
 no ip mroute-cache
 no fair-queue
 frame-relay lmi-type ansi
interface Serial0/3/0.500 point-to-point
 bandwidth 1536
 ip unnumbered GigabitEthernet0/0
 ip access-group 112 in
 ip nat outside
 ip inspect vsafw out
 ip virtual-reassembly
 no cdp enable
 frame-relay interface-dlci 500 IETF
interface GigabitEthernet0/0
 ip address 172.21.19.1 255.255.255.0 secondary
 ip address 63.x.x.129 255.255.255.128
 ip nat inside
03-13-2008 02:51 PM
Perhaps they were going thru a re-IP process and this was a migration step?
__
Edison.
03-13-2008 03:03 PM
Not that I know of, but I want to get rid of it; however, I want to make sure it won't break anything, for example NAT. I have some issues with this WAN address because when I ping another router that is also connected to the same switch, the packet gets dropped by the switch because the switch doesn't know about the WAN network. However, when I do a ping with a source of the LAN address 172.21.19.1, the ping works fine.
03-13-2008 03:15 PM
Bart
I have a customer with a very similar configuration on their Internet facing router. I suspect that the logic of your setup is very similar to theirs. They have a point to point Frame Relay interface which is configured with ip unnumbered pointing to the LAN interface. The LAN interface has the public IP as its primary address and has a private address as secondary. The main reason that they do this is that it allows the IP block assigned to them by their provider to be used on the LAN interface. They have a number of machines on the LAN configured with public addresses. It allows the public address to be used without setting up address translation for them.
If you do show ARP on your router do you see MAC addresses on the LAN for the "public" subnet? If so then you have machines on the LAN configured with the public addresses like my customer does. If you move the public address from the LAN to the WAN as you wish to do you will need to readdress the machines on the inside and to set up translations (many of which will need to be static translations if the machines need a consistent address appearance in the Internet).
HTH
Rick
03-13-2008 03:22 PM
Thanks again Rick, we don't have public addresses on the LAN and we use NAT for all translations, so I think that it won't break anything. Thanks for pointing that out. Maybe in the past the public addresses were on the LAN.
03-13-2008 05:26 PM
You could always use a ping sweep utility to scan the 63.104.1.129 network, to be on the safe side that there are no local hosts configured with any address under this net. I have seen in the past, when decommissioning subnets, some old host devices not showing in the ARP table and then suddenly showing up in ping sweeps. Worst case scenario, someone will scream when the network is removed from the interface and it can always be placed back; if no one does, then you are safe.
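Added example, not part of the original thread: the pre-change check discussed above (looking in the router's ARP table for LAN hosts that still use the public subnet) as a small Python parser for `show ip arp` output. The sample output is constructed, and 203.0.113.129/25 is a documentation-range stand-in for the masked public block; only 172.21.19.1 and GigabitEthernet0/0 come from the thread.

```python
import ipaddress
import re

# Constructed sample of IOS "show ip arp" output (not captured from the thread).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.21.19.1             -   0011.2233.4401  ARPA   GigabitEthernet0/0
Internet  172.21.19.25           12   0011.2233.4410  ARPA   GigabitEthernet0/0
Internet  203.0.113.129           -   0011.2233.4401  ARPA   GigabitEthernet0/0
Internet  203.0.113.140           3   0011.2233.4455  ARPA   GigabitEthernet0/0
Internet  203.0.113.150           0   Incomplete      ARPA
"""

ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}|Incomplete)\s+ARPA"
    r"(?:\s+(?P<intf>\S+))?\s*$",
    re.IGNORECASE,
)


def hosts_in_subnet(arp_output, subnet, interface=None):
    """Return (ip, mac) for learned ARP entries that fall inside subnet."""
    net = ipaddress.ip_network(subnet, strict=False)
    found = []
    for line in arp_output.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue  # header line or anything that is not an ARP entry
        if m["age"] == "-":
            continue  # age "-" is the router's own interface address
        if m["mac"].lower() == "incomplete":
            continue  # router asked for this address, nothing answered
        if interface and m["intf"] != interface:
            continue  # entry learned on a different interface
        if ipaddress.ip_address(m["ip"]) in net:
            found.append((m["ip"], m["mac"].lower()))
    return found


if __name__ == "__main__":
    # Any result here is a LAN host that would lose its gateway if the
    # public address were removed from the LAN interface.
    for ip, mac in hosts_in_subnet(SAMPLE_ARP, "203.0.113.129/25",
                                   "GigabitEthernet0/0"):
        print(f"host still on public subnet: {ip} ({mac})")
```

An empty result only covers hosts that have talked through the router recently enough to be cached, which is why the ping sweep suggested above is a useful second check.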
03-13-2008 07:43 PM
Bart
It was an interesting question and I am glad that my response was helpful. Thank you for using the rating system to indicate that your question was resolved. It makes the forum more useful when people can read a question and can know that they will read a response that successfully resolved the question.
The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.
HTH
Rick
03-14-2008 01:43 PM
Hi,
Such configurations are also employed when you don't have sufficient interfaces on the routers, because in such a case a single interface serves as both WAN and LAN interfaces.