01-10-2006 05:59 PM - edited 03-03-2019 11:25 AM
Hi,
I have 3750 used as core for routing.I have multiple VLANs configured and used EIGRP as my routing.
***
!
!
interface Vlan10
ip address 192.16.0.2 255.255.224.0
no ip unreachables
router eigrp 172
network 192.16.0.0
no auto-summary
no eigrp log-neighbor-changes
!
!
My problem is that hosts connected to
to VLANs can still used the network even if their subnet mask is change to /16.I using /19 for all network.Please,any advice..
01-10-2006 06:42 PM
I am assuming you are saying that you changed the subnet mask for your hosts from /19 to /16...
If you do this, the following will happen:
- to reach other subnets of 192.168.0.0 (for example, an address of 192.168.100.1) the hosts would have previously used the 3750 (as a gateway)
- with the /16 mask, the hosts will believe all addresses within 192.168.0.0/16 are directly connected and will ARP for them
- since proxy ARP is turned on by default, the 3750 will respond to these ARPs, sending its own MAC address for these addresses.
Therefore, everything will still work. However, this config is sub-optimal and should be fixed to use the right masks.
Have I answered your question.
Pls rate the post if it helps.
Paresh.
01-10-2006 07:26 PM
Hi,
Thanks, my interface vlan belongs to 172.17.0.0/19(my actual IP Block)with interface ip add of 172.17.0.1/19 and as a gateway for hosts that belong to that vlan.i want that all hosts on that VLAN can "only connect" if using /19.But host can still use the network even if i change the host subnet mask to /16.If i will disable the proxy ARP how does it affect the scenario?
Thanks
01-10-2006 07:36 PM
If you disable proxy-arp, all that will prevent is the ability of the hosts using the /16 mask to communicate with other addresses within the 172.17.0.0/16 (i.e IP addresses outside the first /19)
However, if you want to stop hosts that are using a /16 mask from communicating with any remote addresses at all, you simply cannot do it this way. No matter what the subnet mask on a host is, when it sends an IP packet it will use its IP address as the source address in the IP packet. There is absolutely no indication of subnet mask at all so you simply cannot filter on the basis of that.
May I ask what your reasoning for doing this is ? Maybe there is another solution to achieving what you want.
Paresh.
01-10-2006 08:40 PM
hi,
Thank you very much.All i need is my hosts to use the /19 mask since all network is in /19.I decided to disable the proxy-arp
01-10-2006 08:50 PM
Excellent.
Pls do rate the posts you found useful.
Regards,
Paresh.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide