
buckweet1980

join:2011-12-31
Allen, TX

Multiple subnets behind actiontec...How to?

Does anyone know how to get the Actiontec to NAT multiple subnets?? It's easy to add routes for other subnets on the router, but I cannot get anything other than the directly attached subnet to be NAT'ed for internet traffic.

I want to have a Layer 3 switch behind the device.


More Fiber
Premium,MVM
join:2005-09-26
West Chester, PA
kudos:32
One thing you can do is divide the Actiontec's /24 LAN subnet onto 2 /25 or 4 /26 subnets. The Actiontec would still be NAT'ing its /24 address range, but each of the VLANs on the managed switch would have its own address range.
--
There are 10 kinds of people in the world; those who understand binary and those who don't.

buckweet1980

join:2011-12-31
Allen, TX
So no way to get anything besides its local /24??

I work in the networking world and have a LAB behind this thing in multiple different rfc1918 address ranges.

Currently I'm using another router, but would like to see if I could just use this Actiontec since I'm using it anyways as a bridge for the STBs.

thx for the help!

kevnich24

join:2006-04-19
Mulberry, FL
If you work in networking and have a layer 3 switch that can do static routing, you should know how to get this setup to work for different subnets to get to the internet.


More Fiber
Premium,MVM
join:2005-09-26
West Chester, PA
kudos:32
reply to buckweet1980
said by buckweet1980:

So no way to get anything besides its local /24??

You can configure the Actiontec LAN as a /8 using the 10.x.x.x IP range if you want.
--
There are 10 kinds of people in the world; those who understand binary and those who don't.

Mahalo

join:2000-12-20
united state
kudos:1
Reviews:
·Verizon FiOS

1 edit
reply to buckweet1980
I think I might have what you are looking for.

Go to System Monitoring -> Advanced Status -> Full Status/System wide Monitoring of Connections -> Network (Home/Office) -> Settings -> Additional IP Addresses. Add a new IP address. In my case I added 10.0.0.1 255.0.0.0. I then static a PC with 10.0.0.3 255.0.0.0 GW 10.0.0.1.

This is what shows up in the log:
TCP 10.0.0.3:1167 71.180.152.239:1167 [98.137.80.31:80] CLOSE_WAIT/FIN_WAIT_2 eth1 NAPT Outgoing DEL-PENDING FP-CAP

All my other devices show up as 192.168.1.x in the log.

You could also add the 172 network as well. I don't have all the equipment to do a full PoC.

buckweet1980

join:2011-12-31
Allen, TX
reply to kevnich24
said by kevnich24:

If you work in networking and have a layer 3 switch that can do static routing, you should know how to get this setup to work for different subnets to get to the internet.

Please read my post before making comments like this.. Routing works, NAT doesn't!

buckweet1980

join:2011-12-31
Allen, TX
reply to Mahalo
said by Mahalo:

I think I might have what you are looking for.

Go to System Monitoring -> Advanced Status -> Full Status/System wide Monitoring of Connections -> Network (Home/Office) -> Settings -> Additional IP Addresses. Add a new IP address. In my case I added 10.0.0.1 255.0.0.0. I then static a PC with 10.0.0.3 255.0.0.0 GW 10.0.0.1.

This is what shows up in the log:
TCP 10.0.0.3:1167 71.180.152.239:1167 [98.137.80.31:80] CLOSE_WAIT/FIN_WAIT_2 eth1 NAPT Outgoing DEL-PENDING FP-CAP

All my other devices show up as 192.168.1.x in the log.

You could also add the 172 network as well. I don't have all the equipment to do a full PoC.

If I'm reading your solution correctly it looks like that IP will be created on the Actiontec itself, thus inserting that subnet as directly attached and it would not use the routing tables to get to the destinations.

I emailed Actiontec today to see what they say, haven't heard any response yet.

Mahalo

join:2000-12-20
united state
kudos:1
Reviews:
·Verizon FiOS
Is this what you are trying to do?

buckweet1980

join:2011-12-31
Allen, TX
Yes sir.. Except not on a Nexus 5010, which isn't L3 capable

Mahalo

join:2000-12-20
united state
kudos:1
Reviews:
·Verizon FiOS
I only had 7000,5000 & 2000 in my stencil and the 7K is a big object. A 5000 will do L3 »www.cisco.com/en/US/products/ps9···dex.html
Not sure if you were saying a 5K would not.

buckweet1980

join:2011-12-31
Allen, TX
First Gen 5K's (5010/5020) won't.. 2nd Gen 55xx (5548/5596) will, when the L3 daughtercard is added.

That's all I meant

buckweet1980

join:2011-12-31
Allen, TX
reply to buckweet1980
Here is what I sent actiontec last night..

"I would like to know if there is a way to get the Actiontec router to NAT for subnets other than the locally connected interface. I am able to add static routes for other subnets on my local LAN, but cannot get the device to NAT anything except for the directly connected interface. Is this possible on the device? The reason I ask is that I have a layer 3 switch on the LAN side of the device routing multiple subnets."

Answer:
"Negative, it can only NAT the subnet of its own DHCP server range."

Bummer!

Mahalo

join:2000-12-20
united state
kudos:1
Reviews:
·Verizon FiOS
Reaching here...but go back to my statement about adding the additional subnet to the router and then have a connection for the 10 network and another for 172 network off of the switch.

buckweet1980

join:2011-12-31
Allen, TX
Appreciate the help.

The router would see the 10.0.0.0/8 as a directly attached interface/subnet, therefore would never try to route it to another router to reach its destination. The only way this could potentially work is via proxy arp... Fugly solution, but I will give this a shot.

buckweet1980

join:2011-12-31
Allen, TX
reply to buckweet1980
I was able to get proxy arp to work and can browse the internet in this fashion..

Wow.. I haven't used Proxy Arp in over 15yrs I think... Lol

I configured an extra IP on the Actiontec of 10.0.0.1/8, then on the router interface I configured 10.0.0.2/30 and enabled proxy-arp on that interface.. Then on the backside I tested with a subnet of 10.0.1.0/24 and it worked. The Actiontec now thinks everything is on the local LAN, which is fine.

One issue I did run into is that trying to ping from the actiontec for testing would crash it 3 out of 4 times.. What a hunk of junk!


jjoshua
Premium
join:2001-06-01
Scotch Plains, NJ
kudos:3
reply to buckweet1980
As mentioned previously, all you need to do is to add IP addresses to the ethernet interface.

buckweet1980

join:2011-12-31
Allen, TX
What you say is only correct if you're in the same broadcast domain.. To get the scenario I want to work you must enable proxy-arp on the L3 device behind the Actiontec. By default proxy-arp is disabled on most newer network devices as a security precaution.
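
The setup from the posts above (10.0.0.1/8 on the Actiontec, 10.0.0.2/30 with proxy-arp on the L3 device, 10.0.1.0/24 behind it), modeled as an added example that is not part of the original thread. The interface names, the MAC address, 192.168.1.1/24 and the 10.0.1.1 gateway address are constructed, and the proxy-ARP rule is simplified to networks connected on another interface.

```python
import ipaddress as ip

# Actiontec LAN addresses: 10.0.0.1/8 is from the thread, 192.168.1.1/24 is assumed.
ACTIONTEC = [ip.ip_interface("192.168.1.1/24"), ip.ip_interface("10.0.0.1/8")]

# L3 device: 10.0.0.2/30 and the 10.0.1.0/24 lab subnet are from the thread;
# interface names, the .1 gateway address and the MAC are constructed.
ROUTER_MAC = "02:00:00:00:00:02"
ROUTER = {
    "uplink": ip.ip_interface("10.0.0.2/30"),
    "lab": ip.ip_interface("10.0.1.1/24"),
}

def is_on_link(local_ifaces, dst):
    """True if the sender treats dst as directly attached and ARPs for it itself."""
    return any(ip.ip_address(dst) in i.network for i in local_ifaces)

def arp_reply(ifaces, rx_name, target, proxy_arp):
    """MAC the router answers with for an ARP request seen on rx_name, or None."""
    target = ip.ip_address(target)
    rx = ifaces[rx_name]
    if target == rx.ip:
        return ROUTER_MAC          # ordinary ARP for the router's own address
    if not proxy_arp or target in rx.network:
        return None                # disabled, or the target is on this segment
    # Simplified proxy ARP: answer only for networks connected on another interface.
    for name, iface in ifaces.items():
        if name != rx_name and target in iface.network:
            return ROUTER_MAC
    return None

def delivered_via_router(dst, proxy_arp):
    """True if the Actiontec ARPs for dst on its LAN and the L3 device answers."""
    if not is_on_link(ACTIONTEC, dst):
        return False               # not on-link: the routing table would be used
    return arp_reply(ROUTER, "uplink", dst, proxy_arp) is not None

if __name__ == "__main__":
    for proxy in (False, True):
        print("proxy-arp", proxy, "->", delivered_via_router("10.0.1.50", proxy))
```

With proxy-arp off, the ARP request for 10.0.1.50 goes unanswered, because the /30 on the uplink tells the L3 device that the target is not on that segment and nothing else replies for it.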


jjoshua
Premium
join:2001-06-01
Scotch Plains, NJ
kudos:3
That's true. I don't have any L3 routing going on.

buckweet1980

join:2011-12-31
Allen, TX
Does the router reboot for you guys anytime you make an IP change? Seems like if I add another IP it reboots, not sure if it's crashing or if it's normal.

Mahalo

join:2000-12-20
united state
kudos:1
The manual does state that it may require a reboot. "May" I guess implies it will.


More Fiber
Premium,MVM
join:2005-09-26
West Chester, PA
kudos:32
reply to buckweet1980
That's normal.