ynyng

join:2003-04-15
Rolla, MO

[HELP] ARP on INT with 2ndary IP

I have a Cisco 3825 with an Ethernet interface using a secondary IP address to isolate a /28 subnet out of a /24:

interface GigabitEthernet0/0
description $FW_INSIDE$$ETH-LAN$
ip address xxx.yyy.zzz.33 255.255.255.240 secondary
ip address xxx.yyy.zzz.1 255.255.255.0
no ip redirects
no ip unreachables
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
no mop enabled

I have a static route to the upstream router:

ip route 0.0.0.0 0.0.0.0 aaa.bbb.ccc.ddd

The downstream router on the /28 network (a SonicWall) uses xxx.yyy.zzz.34/28 as its address and xxx.yyy.zzz.33 as its trusted gateway. The problem is that the Cisco interface sends out ARP broadcasts for both the /24 and the /28 networks, and the SonicWall is configured to drop packets when it sees ARP traffic from the /24 network. Is there a way to configure the Cisco interface to only broadcast the /28 ARP to the /28 subnet? Would adding a static route to the Cisco for the /28 network fix this? That is:

ip route xxx.yyy.zzz.32 255.255.255.240 aaa.bbb.ccc.ddd permanent

Thanks for your help.

aryoba
Premium,MVM
join:2002-08-22
kudos:1

said by ynyng:

I have a Cisco 3825 with an Ethernet interface using a secondary IP address to isolate a /28 subnet out of a /24:

interface GigabitEthernet0/0
description $FW_INSIDE$$ETH-LAN$
ip address xxx.yyy.zzz.33 255.255.255.240 secondary
ip address xxx.yyy.zzz.1 255.255.255.0

The downstream router on the /28 network (a SonicWall) uses xxx.yyy.zzz.34/28 as its address and xxx.yyy.zzz.33 as its trusted gateway. The problem is that the Cisco interface sends out ARP broadcasts for both the /24 and the /28 networks, and the SonicWall is configured to drop packets when it sees ARP traffic from the /24 network.
The problem is that the SonicWall, as a firewall device, expects to see ARP broadcasts only for the /28 network. When the SonicWall sees an ARP broadcast intended for a different network, by nature the SonicWall firewall drops the broadcast.

Further, you can't really expect any network device configured as part of a broadcast network (whether /28, /24, or otherwise) not to send ARP broadcasts, since ARP broadcasts are part of the broadcast network mechanism.

said by ynyng:

Is there a way to configure the Cisco interface to only broadcast the /28 ARP to the /28 subnet? Would adding a static route to the Cisco for the /28 network fix this?
Yes, there is a way: do not configure the router interface with a secondary IP address. Configure the router interface to have just the /28 network and configure the /24 network elsewhere (either on a different network device or on a different router interface).

Note that if the first three octets of the /28 and /24 networks are the same, then the network design is flawed. If the /28 network is part of the /24 network, then you cannot really assign the /28 network to one interface and the /24 network to another interface (especially when both networks are on the same interface). Such a network design creates problems such as the one you are having now.

Should the /28 network be part of the /24 network, then you must break up the /24 network into multiple smaller networks. You could have multiple smaller /28 networks, smaller /27 networks, smaller /26 networks, smaller /25 networks, or some mix of these. The /24 network should be seen as the network summary or supernet of all of those smaller networks.

Once you break up the /24 network, assign the smaller networks to different interfaces or different network devices. Design the network carefully and you should have no problem then.
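The two points made in this thread, that a /28 carried as a secondary on the same interface as its parent /24 shares one broadcast domain with it (so the SonicWall sees the /24's ARP traffic), and that the cure is to break the /24 into disjoint blocks with the /24 left as a summary, can be checked mechanically with Python's standard ipaddress module. The script below is an added example and is not part of the thread or any poster's configuration; it uses the RFC 5737 documentation range 192.0.2.0/24 in place of the xxx.yyy.zzz placeholders (an assumption), and the "drop ARP from outside my subnet" rule is a model of the firewall behaviour the original poster describes, not SonicWall's actual implementation.

```python
"""Why a /28 secondary on the same interface as its parent /24 shares one
broadcast domain, and how to carve the /24 into disjoint blocks instead.

Addresses come from the RFC 5737 documentation range (192.0.2.0/24) and
stand in for the thread's xxx.yyy.zzz placeholders (an assumption).
"""
import ipaddress
from itertools import combinations

# Constructed stand-in for the thread's GigabitEthernet0/0 configuration:
# primary 192.0.2.1/24 plus secondary 192.0.2.33/28 on one interface.
INTERFACE_SUBNETS = ["192.0.2.0/24", "192.0.2.32/28"]
FIREWALL_SUBNET = "192.0.2.32/28"      # the SonicWall's own /28 (.34 lives here)


def _net(x):
    return ipaddress.ip_network(str(x))


def overlapping(subnets):
    """Pairs of subnets that overlap. Any hit means one L2 segment carries
    hosts and broadcasts for both, which is the design flaw aryoba describes."""
    nets = [_net(s) for s in subnets]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


def memberships(address, subnets):
    """Configured subnets that a given ARP sender address falls inside."""
    ip = ipaddress.ip_address(address)
    return [str(n) for n in map(_net, subnets) if ip in n]


def arp_dispositions(sender_addresses, firewall_subnet=FIREWALL_SUBNET):
    """Model of the SonicWall rule from the thread (an assumption, not the
    vendor's logic): ARP whose sender IP lies outside the firewall's own
    subnet is dropped. Every sender listed here reaches the firewall,
    because the /28 shares the wire with the /24."""
    fw = _net(firewall_subnet)
    return {s: "accept" if ipaddress.ip_address(s) in fw else "drop"
            for s in sender_addresses}


def split_plan(supernet, carve_out):
    """Largest disjoint blocks that, together with carve_out, tile the
    supernet exactly. Each block can then sit on its own interface or
    device, leaving the /24 as a pure summary (supernet) route."""
    big, small = _net(supernet), _net(carve_out)
    plan = sorted(big.address_exclude(small))
    # sanity: the blocks plus the carve-out must cover the /24 with no overlap
    assert sum(n.num_addresses for n in plan) + small.num_addresses == big.num_addresses
    assert not overlapping(plan + [small])
    return [str(n) for n in plan]


if __name__ == "__main__":
    print("overlapping:", overlapping(INTERFACE_SUBNETS))
    # ARP senders the firewall sees on the shared segment: the router's
    # primary (/24) address, its secondary (/28) address, an ordinary /24 host.
    print("firewall:", arp_dispositions(["192.0.2.1", "192.0.2.33", "192.0.2.200"]))
    print("disjoint plan:", split_plan("192.0.2.0/24", "192.0.2.32/28"))
```

Running it shows the router's secondary address .33 as a member of both subnets, the primary .1 and any ordinary /24 host as "drop" at the firewall, and 192.0.2.0/24 minus 192.0.2.32/28 falling out as the four disjoint blocks 192.0.2.0/27, 192.0.2.48/28, 192.0.2.64/26 and 192.0.2.128/25, which is the kind of breakup aryoba recommends before placing each block on its own interface.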

Sunday, 03-Jun 09:23:54 © 1999-2012 dslreports.com.