Newsgroups: comp.dcom.sys.cisco Path: utzoo!utgpu!cunews!bnrgate!bwdls61.bnr.ca!bwdls56!fortinp From: fortinp@bwdls56.bnr.ca (Pierre Fortin) Subject: Re: Configuration problem Message-ID: <1991Jan6.065127.29308@bwdls61.bnr.ca> Sender: usenet@bwdls61.bnr.ca (Use Net) Organization: Bell-Northern Research, Ottawa, Canada References: <2392@bnlux0.bnl.gov> Date: Sun, 6 Jan 91 06:51:27 GMT In article <2392@bnlux0.bnl.gov>, drs@bnlux0.bnl.gov (David R. Stampf) writes: > > Cisco routers always seem to be reliable and fast, but always seem to > fall short of letting you do what you *want* to do. Here is the latest problem > we face. "always" is a little strong isn't it? Your "problem" (below) is of your own making, so... > > I'd like to assign a second IP address to an ethernet interface on my > router. The reason is that I'm about 40 numbers over what would pass for a > subnet range, i.e. 550 hosts vs 511 slots. This is a short term problem which How do you plan on configuring your devices? Different subnet mask? That would be courting disaster. That should read 510 (not 511). BTW, are you using bridges to break up the subnet into (what we call) workgroups to reduce traffic on portions of your subnet? If so, you'll have another problem: all bridges have a finite limit in the number of ethernet addresses they can filter (we use HP with a limit of 512), beyond which, the bridges start to "leak" packets because the entry for that workstation just got clobbered by the previous packet which leaked because it got clobbered because... > will be fixed when we get the nerve to cut our ethernet cable. Cisco provides > the "ip address ip-address subnet-mask secondary" command which allows me to > assign two addresses to an interface, one on each of two subnets. This works > like a charm *except* that the router will not send any routing info (RIP) to the > secondary network. This is apparently by design since there is a warning in my > manual that says "Secondary address are treated like primary addresses except > that the system never generates datagrams with secondary source addresses". I > think that means it does not send routing packets. That command is really to allow you to configure your network to handle the situation where teh cisco can safely "dump" the packet out an interface in the hope that someone out there will know how to pass it on. The secondary is included in the routing updates to all locations *except* the interface it's coded on for a reason: why advertise a route to yourself if all you can do is send the packets right back out that interface? > > Well, I can hard wire routes on all of my hosts on the secondary network, > but that would be a problem since most of the new systems are user maintained, and > it is hard enough to explain subnets to the uninitiated. Besides, sending routing > info seems like a natural job for a router. Even if I could convince the cisco to > just send out default to the secondary net I would be a lot happier. You'll also have to explain to your users why the subnet is so "shitty". > > Of course, another possibility is to use a spare ethernet port on the router > to connect to the same physical ethernet but have a different subnet address. I > feel less comfortable about that idea tho - it also involves more hardware, and I > suspect there would be many more collisions on the ethernet. I had one site do just that; boy what a mess! They were running 7.1 software. Did you ever see a cisco _swap_ its ethernet addresses? This one did; at least that's the way "show arp" reported it... > > The funny part is that I would also like to have the router send out *fewer* > routing packets on the primary subnet. Every 30 seconds, we get a blast of > approximately 200 networks advertised by rip from our external connections when > all we really want to see on our network is "default". Then why not use proxy arp and code "passive-interface " under "router rip"? Hmmm.... You've got ether-Macs, KFPs or Apollos on your subnet? Well then, you'll have to live with those routing updates going out if you want then to have access to the outside world. :^( > > Feast or famine. > > Any suggestions? > > > Dave Stampf Sorry I can't give you more positive information... Pierre Fortin Bell-Northern Research I know, my postings are Internet Systems P.O.Box 3511, Stn C terse and humourless. So? (613)763-2598 Ottawa, Ontario RIP: aptly named protocol fortinp@bnr.ca Canada K1Y 4H7 AppleTalk: Adam&Eve's design