[nsp] Cisco 1720 or above Firewall using DHCP outside

Bruce Pinsky bep at whack.org
Thu Nov 20 19:37:46 EST 2003

Hash: SHA1

Charles H. Gucker wrote:

|>|>ip route Ethernet1
|>|>any questions? :)
|>| Yes.  Doesn't the above statement mean that the router performs an
|>| ARP request for any destination it's trying to reach?  Sounds like
|>| concentrated evil to me, and it would depend on "ip proxy-arp" to be
|>| enabled in the upstream router, which - although default - is not a given.
|>My guess is that even though his provider hands out a DHCP address that the
|>gateway address is static and could be configured in the route statement.
| Well, the only thing constant with the upstream interface is it's MAC/ARP
| responce.  Since multiple possible networks exist for the DHCPable networks,
| you won't be able to statically assign the route.

Ok, but if proxy-arp goes away, then pointing at the interface won't work.

Another hack might be to do the following:

	ip route
	ip route <interface>
	arp <upstream router MAC> arpa

By creating a phony IP that points statically to your upstream's MAC
address, you don't have to rely on proxy-arp or reconfig the default route
when the subnet changes.  Of course, if the MAC address changes at some
point, you'll be out of luck, but it sounds like it's breaking frequency
from DHCP now.


Version: GnuPG v1.2.2 (MingW32)


More information about the cisco-nsp mailing list