[nsp] Cisco 1720 or above Firewall using DHCP outside

Bruce Pinsky bep at whack.org
Thu Nov 20 19:37:46 EST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Charles H. Gucker wrote:

|>|>ip route 0.0.0.0 0.0.0.0 Ethernet1
|>|>
|>|>any questions? :)
|>|
|>| Yes.  Doesn't the above statement mean that the router performs an
|>| ARP request for any destination it's trying to reach?  Sounds like
|>| concentrated evil to me, and it would depend on "ip proxy-arp" to be
|>| enabled in the upstream router, which - although default - is not a given.
|>|
|>Yes.
|>
|>My guess is that even though his provider hands out a DHCP address that the
|>gateway address is static and could be configured in the route statement.
|>
|>=========
|>bep
|
|
| Well, the only thing constant with the upstream interface is its MAC/ARP
| response.  Since multiple possible networks exist for the DHCPable networks,
| you won't be able to statically assign the route.
|

Ok, but if proxy-arp goes away, then pointing at the interface won't work.

Another hack might be to do the following:

	ip route 0.0.0.0 0.0.0.0 1.1.1.1
	ip route 1.1.1.1 255.255.255.255 <interface>
	arp 1.1.1.1 <upstream router MAC> arpa

By creating a phony IP that points statically to your upstream's MAC
address, you don't have to rely on proxy-arp or reconfig the default route
when the subnet changes.  Of course, if the MAC address changes at some
point, you'll be out of luck, but it sounds like it's breaking frequently
from DHCP now.

=========
bep

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQE/vV5aE1XcgMgrtyYRAs/EAJ9ihQPCdG79vuuD3q1EQpw7N5ZHWACg6FFB
XPo+NojxtvI+TgHfFaNllEY=
=eVwE
-----END PGP SIGNATURE-----
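The workaround above in working form, as an added example that is not part of the thread and not Bruce's or Charles's code. It builds the three IOS lines (default route to a phony next hop, /32 host route for that next hop pointing at the outside interface, and a static ARP entry binding it to the upstream router's MAC), normalising whatever MAC notation you copied from `show ip arp` or the provider into Cisco's dotted-hex form. It also emits the Linux iproute2 equivalent (`ip neigh ... nud permanent` plus an `onlink` default route) to show the technique is not IOS-specific. The phony next hop `1.1.1.1`, the interface name and the MAC are placeholders; the phony address must be one that is not otherwise reachable, exactly as the post says.

```python
"""Static-ARP default route workaround for a DHCP-assigned outside interface.

Added example. Addresses, interface names and MACs are placeholders.
"""
import ipaddress
import re

_BARE_HEX = re.compile(r"^[0-9a-f]{12}$")


def _mac_digits(mac: str) -> str:
    """Strip separators and return 12 lower-case hex digits, or raise ValueError."""
    digits = re.sub(r"[.:\-\s]", "", mac).lower()
    if not _BARE_HEX.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def is_valid_mac(mac: str) -> bool:
    """True if mac parses in colon, dash, Cisco dotted or bare-hex notation."""
    try:
        _mac_digits(mac)
        return True
    except ValueError:
        return False


def mac_cisco(mac: str) -> str:
    """aabb.ccdd.eeff, the form the IOS 'arp' command expects."""
    d = _mac_digits(mac)
    return ".".join(d[i:i + 4] for i in range(0, 12, 4))


def mac_colon(mac: str) -> str:
    """aa:bb:cc:dd:ee:ff, the form iproute2 expects."""
    d = _mac_digits(mac)
    return ":".join(d[i:i + 2] for i in range(0, 12, 2))


def _host(ip: str) -> str:
    """Validate the phony next hop as a unicast IPv4 host address."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on junk
    if addr.is_multicast or addr.is_loopback or addr.is_unspecified:
        raise ValueError(f"unsuitable phony next hop: {ip}")
    return str(addr)


def ios_static_arp_default(phony_next_hop: str, interface: str, upstream_mac: str) -> list:
    """IOS config: default via a phony host that is pinned to the upstream MAC.

    The /32 route is needed so the phony address resolves out the outside
    interface regardless of whatever prefix DHCP hands out this week.
    """
    nh = _host(phony_next_hop)
    return [
        f"ip route 0.0.0.0 0.0.0.0 {nh}",
        f"ip route {nh} 255.255.255.255 {interface}",
        f"arp {nh} {mac_cisco(upstream_mac)} arpa",
    ]


def linux_static_arp_default(phony_next_hop: str, interface: str, upstream_mac: str) -> list:
    """Same trick with iproute2: permanent neighbour entry + onlink default."""
    nh = _host(phony_next_hop)
    return [
        f"ip neigh replace {nh} lladdr {mac_colon(upstream_mac)} nud permanent dev {interface}",
        f"ip route replace default via {nh} dev {interface} onlink",
    ]


if __name__ == "__main__":
    # Placeholder values modelled on the thread; the MAC is made up.
    for line in ios_static_arp_default("1.1.1.1", "Ethernet1", "00:00:0c:07:ac:01"):
        print(line)
    print("!")
    for line in linux_static_arp_default("1.1.1.1", "eth1", "00:00:0c:07:ac:01"):
        print(line)
```

The caveat from the post still applies: if the provider swaps the upstream router (new MAC), both the IOS `arp` entry and the Linux `nud permanent` entry silently point at a dead address, so pair this with a reachability check on the real gateway rather than treating it as set-and-forget.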


