02-05-2004 11:04 PM - edited 03-02-2019 01:24 PM
If a router has one interface with private IP address (e.g. 10.0.0.1) and another with public IP address (e.g. 1.1.1.1) and NAT is NOT enabled on the router, will the router perform routing between those interfaces?
Also, is it possible to turn on and off routing between those interfaces?
(I'd probably test it by myself, but unfortunately I don't have equipment).
Thanks all for answers.
02-06-2004 03:15 AM
I think if your routing configuration is correct and you DON'T use this router to connect to the public Internet it will work without NAT. About turning off routing between interfaces I think one way to do so is configuring ACLs.
HTH
02-06-2004 05:08 AM
1,if you want to connect to the internet,you will use NAT
2,if you want to connect to other layer 3 devices,for example,router or Pix,you will perform routing
Defaultly,router perform routing bewteen derectly interfaces
02-06-2004 06:53 AM
A router will always route between the interfaces as long as you enable IP routing (the command "ip routing" is enabled by default). It doesn't matter which IP address the interface is configured with - even if you use a mix of private and public.
Assuming that you have more than two interfaces on this router, to avoid routing between between your two interfaces with address 10.0.0.1 and 1.1.1.1, you must define an outgoing ACL on your interface towards the public network. This way your interface with the internal address can continue to talk to the router itself and any of other interfaces. If you have more than one interface with a public address, use the same ACL on all of them.
Note that this is necessary ONLY if your interface with the public address really is connected to the world outside. You may use a mix of private and public addresses internally, but never send a private address out on Internet. Then you must configure and use NAT.
Example:
access-list 1 deny 10.0.0.0 255.0.0.0
access-list 1 permit any
Interface ethernet 0
description external network
ip address 1.1.1.1 255.255.255.0
ip access-group 1 out
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide