drs@bnlux0.bnl.gov (David R. Stampf) (01/05/91)
Cisco routers always seem to be reliable and fast, but always seem to fall short of letting you do what you *want* to do. Here is the latest problem we face.

I'd like to assign a second IP address to an ethernet interface on my router. The reason is that I'm about 40 numbers over what would pass for a subnet range, i.e. 550 hosts vs 511 slots. This is a short term problem which will be fixed when we get the nerve to cut our ethernet cable. Cisco provides the "ip address ip-address subnet-mask secondary" command which allows me to assign two addresses to an interface, one on each of two subnets. This works like a charm *except* that the router will not send any routing info (RIP) to the secondary network. This is apparently by design since there is a warning in my manual that says "Secondary address are treated like primary addresses except that the system never generates datagrams with secondary source addresses". I think that means it does not send routing packets.

Well, I can hard wire routes on all of my hosts on the secondary network, but that would be a problem since most of the new systems are user maintained, and it is hard enough to explain subnets to the uninitiated. Besides, sending routing info seems like a natural job for a router. Even if I could convince the cisco to just send out default to the secondary net I would be a lot happier.

Of course, another possibility is to use a spare ethernet port on the router to connect to the same physical ethernet but have a different subnet address. I feel less comfortable about that idea tho - it also involves more hardware, and I suspect there would be many more collisions on the ethernet.

The funny part is that I would also like to have the router send out *fewer* routing packets on the primary subnet. Every 30 seconds, we get a blast of approximately 200 networks advertised by rip from our external connections when all we really want to see on our network is "default".

Feast or famine.

Any suggestions?

Dave Stampf
fortinp@bwdls56.bnr.ca (Pierre Fortin) (01/06/91)
In article <2392@bnlux0.bnl.gov>, drs@bnlux0.bnl.gov (David R. Stampf) writes:
>
> Cisco routers always seem to be reliable and fast, but always seem to
> fall short of letting you do what you *want* to do. Here is the latest problem
> we face.

"always" is a little strong isn't it? Your "problem" (below) is of your own making, so...

>
> I'd like to assign a second IP address to an ethernet interface on my
> router. The reason is that I'm about 40 numbers over what would pass for a
> subnet range, i.e. 550 hosts vs 511 slots. This is a short term problem which

How do you plan on configuring your devices? Different subnet mask? That would be courting disaster. That should read 510 (not 511). BTW, are you using bridges to break up the subnet into (what we call) workgroups to reduce traffic on portions of your subnet? If so, you'll have another problem: all bridges have a finite limit in the number of ethernet addresses they can filter (we use HP with a limit of 512), beyond which, the bridges start to "leak" packets because the entry for that workstation just got clobbered by the previous packet which leaked because it got clobbered because...

> will be fixed when we get the nerve to cut our ethernet cable. Cisco provides
> the "ip address ip-address subnet-mask secondary" command which allows me to
> assign two addresses to an interface, one on each of two subnets. This works
> like a charm *except* that the router will not send any routing info (RIP) to the
> secondary network. This is apparently by design since there is a warning in my
> manual that says "Secondary address are treated like primary addresses except
> that the system never generates datagrams with secondary source addresses". I
> think that means it does not send routing packets.

That command is really to allow you to configure your network to handle the situation where the cisco can safely "dump" the packet out an interface in the hope that someone out there will know how to pass it on.

The secondary is included in the routing updates to all locations *except* the interface it's coded on for a reason: why advertise a route to yourself if all you can do is send the packets right back out that interface?

>
> Well, I can hard wire routes on all of my hosts on the secondary network,
> but that would be a problem since most of the new systems are user maintained, and
> it is hard enough to explain subnets to the uninitiated. Besides, sending routing
> info seems like a natural job for a router. Even if I could convince the cisco to
> just send out default to the secondary net I would be a lot happier.

You'll also have to explain to your users why the subnet is so "shitty".

>
> Of course, another possibility is to use a spare ethernet port on the router
> to connect to the same physical ethernet but have a different subnet address. I
> feel less comfortable about that idea tho - it also involves more hardware, and I
> suspect there would be many more collisions on the ethernet.

I had one site do just that; boy what a mess! They were running 7.1 software. Did you ever see a cisco _swap_ its ethernet addresses? This one did; at least that's the way "show arp" reported it...

>
> The funny part is that I would also like to have the router send out *fewer*
> routing packets on the primary subnet. Every 30 seconds, we get a blast of
> approximately 200 networks advertised by rip from our external connections when
> all we really want to see on our network is "default".

Then why not use proxy arp and code "passive-interface <interface>" under "router rip"? Hmmm.... You've got ether-Macs, KFPs or Apollos on your subnet? Well then, you'll have to live with those routing updates going out if you want them to have access to the outside world. :^(

>
> Feast or famine.
>
> Any suggestions?
>
>
> Dave Stampf

Sorry I can't give you more positive information...

Pierre Fortin      Bell-Northern Research   I know, my postings are
Internet Systems   P.O.Box 3511, Stn C      terse and humourless. So?
(613)763-2598      Ottawa, Ontario          RIP: aptly named protocol
fortinp@bnr.ca     Canada K1Y 4H7           AppleTalk: Adam&Eve's design
satz@cisco.com (Greg Satz) (01/08/91)
It is straight-forward to control what is advertised in outgoing RIP updates. See the distribute-list configuration command. You can set it up such that only default is ever advertised. 8.2 has the ability to perform per interface filtering.

You have other problems besides getting the cisco router to advertise routes with a source IP address of the secondary IP network. The hosts sharing the same cable but on different subnets need explicit instruction that they are on the same cable. Otherwise all packets will head off to the router only to be issued back onto the same wire they were just received. You can do this and can disable the resulting ICMP redirect if you so choose.

Another option is to lie to those hosts on the secondary subnet. Tell them they aren't subnetted at all. This will cause them to believe that all hosts for your IP major network live on their same cable. Thus they will ARP for everyone on that IP network. Hosts that share the wire will respond and the router will answer (proxy) for all others. You do have to tell the hosts on the primary subnet about the secondary (as the case above) otherwise they won't know it's there when they want to start the conversation.

Greg
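
The host-side forwarding decision described in the last post, worked through as an added example that is not part of the original thread: it models which first hop a host picks under its true subnet mask, under the "not subnetted" mask, and when told explicitly that the other subnet shares its cable. The 172.16.x.x addresses, the /23 mask and the function names are constructed for illustration, and the router is assumed to have proxy ARP enabled.

```python
import ipaddress

# Constructed addressing (not from the thread): class B network 172.16.0.0
# split with mask 255.255.254.0 (/23, 510 usable hosts per subnet).
PRIMARY = ipaddress.ip_network("172.16.10.0/23")
SECONDARY = ipaddress.ip_network("172.16.12.0/23")
ON_WIRE = (PRIMARY, SECONDARY)          # both subnets share one cable
ROUTER = {PRIMARY: "172.16.10.1", SECONDARY: "172.16.12.1"}


def first_hop(src, prefix_len, dst, told_onlink=()):
    """How host `src` starts a conversation with `dst`.

    prefix_len  -- mask the host is configured with (23 = true subnet mask,
                   16 = "not subnetted at all")
    told_onlink -- extra subnets the host was told share its cable
    Returns ("arp", dst) or ("gateway", router_address).
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    local = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
    if dst_ip in local or any(dst_ip in net for net in told_onlink):
        return ("arp", str(dst_ip))
    # Not believed to be on-link: hand the packet to the router address
    # that lies in the host's own subnet.
    gateway = next(addr for net, addr in ROUTER.items() if src_ip in net)
    return ("gateway", gateway)


def arp_answered_by(dst):
    """Who replies to an ARP request for `dst` on the shared cable.

    Assumes the router has proxy ARP enabled, as the post describes.
    """
    dst_ip = ipaddress.ip_address(dst)
    return "host" if any(dst_ip in n for n in ON_WIRE) else "router (proxy)"


def hairpins(src, prefix_len, dst, told_onlink=()):
    """True when the packet goes to the router only to be sent back out
    the same wire (the case that triggers an ICMP redirect)."""
    action, _ = first_hop(src, prefix_len, dst, told_onlink)
    return action == "gateway" and arp_answered_by(dst) == "host"
```

With the true /23 mask a secondary-subnet host hairpins through the router to reach a primary-subnet neighbour; with the /16 mask it ARPs directly, and the router's proxy ARP covers every destination that is not on the cable.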