Routing for Verizon FIOS -- Reward for answer

Do you need use of all 61 available addresses?

Because another option that one of the other responders proposed was to put part of the space on the outside interface and part on the inside

like so

int fa 0/0
 description inside LAN interface
 ip addr 70.x.x.98 255.255.255.224
 ! default gateway

int fa 0/1
 description outside interface facing Verizon FIOS ONT
 ip addr 70.x.x.66 255.255.255.224
 ip proxy-arp
 ! to answer ARP requests from 70.x.x.1

ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 70.x.x.1

You can use a small block on the outside and then add secondary address blocks to the inside if you want to go to the bother.

Merv

Yes, except you would need to ensure Verizon adds a route (or turns up a protocol) to ensure that they know how to get back into the second half of your range. They would also need to turn up a secondary address, as .98/27 doesn't include .1 which is the gateway. You could turn up .68/30 with .69 as their secondary IP, .70 as your router, and then .96/27 on the inside interface. You'd lose .71-.95 unless you want to subinterface the router's connection back to the internal switch and trunk a /29, /28, and /27 instead. Although since Verizon doesn't seem to be able to do anything but transfer your calls, they probably won't turn up a secondary interface (even if it's in your address range), and most likely will not add a static route for those subnets. May be worth a call though...

Trendkill

No - proxy ARP should take care of this if it is enabled on the Cisco WAN interface.

The Cisco will respond to ARP requests where it is the preferred route to the destination IP - in this case any IP addresses on the LAN side of the Cisco.

You can map further blocks on the LAN with static routes to the LAN side interface if the WAN side is only a small block such as a /30.

ip route 70.x.x.80 255.255.255.240 FastEth 0/0 for example maps another 16 addresses.

They would also need to turn up a secondary

Golden rule with a carrier who doesn't seem to have systems to do something is not to ask for anything non-standard (i.e. not standard for them).

Even if you get it sorted and it works, can you get it to stay like that, or will someone "fix" it for you when they notice?

stephen
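
The proxy-ARP behaviour described in the post above, as a simplified model (an added example, not part of the original thread and not Cisco's implementation). The 192.0.2.0/24 prefix and the interface names `wan` and `lan` are assumptions standing in for the elided 70.x.x block; the last octets follow the thread.

```python
import ipaddress

# Constructed stand-in: the thread elides the real prefix as 70.x.x, so the
# documentation range 192.0.2.0/24 is used with the thread's last octets.
ROUTES = [
    # (prefix, egress interface)
    (ipaddress.ip_network("192.0.2.68/30"), "wan"),  # connected WAN /30
    (ipaddress.ip_network("192.0.2.96/27"), "lan"),  # connected LAN /27
    (ipaddress.ip_network("192.0.2.80/28"), "lan"),  # static route to the LAN
    (ipaddress.ip_network("0.0.0.0/0"), "wan"),      # default route
]


def best_route(target, routes=ROUTES):
    """Longest-prefix match; returns (prefix, interface) or None."""
    addr = ipaddress.ip_address(target)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


def proxy_arp_replies(target, arrived_on, routes=ROUTES):
    """Simplified rule: answer an ARP request only when the best route to
    the target leaves through a different interface than the one the
    request arrived on."""
    route = best_route(target, routes)
    return route is not None and route[1] != arrived_on


def answered_on_wan(block, routes=ROUTES):
    """Addresses in `block` the router would answer for on the WAN side."""
    return [str(a) for a in ipaddress.ip_network(block)
            if proxy_arp_replies(str(a), "wan", routes)]


if __name__ == "__main__":
    for ip in ("192.0.2.69", "192.0.2.75", "192.0.2.85", "192.0.2.100"):
        print(ip, "answered on WAN:", proxy_arp_replies(ip, "wan"))
    print(len(answered_on_wan("192.0.2.64/26")), "addresses proxied")
```

Addresses with no more specific route toward the LAN, such as .75 here, fall through to the default route on the WAN side and get no proxy reply.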

| Based on numerous tests, I have come to the conclusion that the
| router/switch on Verizon's side is totally spoof protected: It will not
| respond to an ARP query unless the source address is one of the 61 addresses
| assigned to us

You could always add a static arp entry for Verizon's gateway on your end and proceed with option D as I indicated. Of course, if they change their MAC address you will lose connectivity until you adapt.

| (we've tried .2 and also tried assigning 10.1.1.1 to the
| outside of the router, and giving a static route to our gateway.) In one
| case, .2 worked briefly -- probably because we had just switched over, and it
| had an association of our MAC address with a valid IP.

Possibly there had been an incoming packet to which your router had responded as a proxy. That would not look spoofed since the address would be in your range, and in any case your router would have picked up the MAC address of Verizon's router in the process.

Dan Lanciani ddl@danlan.*com

Dan Lanciani


Would a sub interface help here at all? Say interface FastEthernet0/1.1

I haven't read the whole thread yet, but that might help if you only wanted certain traffic using it?

Charles

Charles N Wyble

A subinterface will not help this situation. A subint only divides the networks that can be accessible on the physical interface, and really provides the exact same functionality as having two different physical/logical interfaces when either you or your provider does not have or want to pay for the additional connectivity. This is why subints are usually reserved for routers on a stick (for creating/trunking VLANs) and for WAN Service frame-relay/WAN. At this point the only solution is a band-aid until he finds better service from Verizon to split out his point to point network w/ them from his contiguous address space.

Trendkill
