eggster34

x.x.x.160 overlaps with FastEthernet4 on Cisco 800 series Router.

Hi,
I have a PIX that connects to another router (in my datacenter, out of my control).
The PIX has default gateway x.x.x.163 and everything works fine.
I would like to introduce a router of my own in between my PIX and my datacenter router, so that this router would be an extra hop in the network.
When I configure my router as below, and try to give IP address x.x.x.180 / 255.255.255.224 to interface vlan1, I get the error message:
x.x.x.160 overlaps with FastEthernet4

Can't I give interfaces IPs from the same IP range so that my router can act as an extra hop in the traffic? I do not wish to do NAT.


Building configuration...

Current configuration : 1417 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname eggster
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
enable secret 5 $1$j9yA$1YcadI1a.
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
aaa authorization network groupauthor local
!
!
aaa session-id common
!
!
!
!
ip cef
!
!
!
!
no ip domain lookup
ip domain name eggster.com
!
multilink bundle-name authenticated
!
!
username eggster privilege 15 secret 5 $1$lXI.$dsfdsfsf
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address x.x.x.188 255.255.255.224
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 no ip address
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
 privilege level 15
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 password 7 xyz
 transport input telnet ssh
!
scheduler max-task-time 5000
end
leibinusa

By default, 2 interfaces on routers cannot have IP addresses in the same subnet. In your case, you can use a bridge, so that both interfaces are in the same LAN segment. BTW, why do you need a router in between?
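The overlap behind the error message, as an added example that is not part of the original thread: it parses IOS-style `ip address` lines and reports interfaces whose subnets overlap. The masked `x.x.x` prefix is replaced by the documentation range 192.0.2 and the function names are hypothetical.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample: the thread's masked x.x.x prefix is replaced by the
# documentation prefix 192.0.2 (an assumption; the real addresses are hidden).
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip address 192.0.2.188 255.255.255.224
!
interface Vlan1
 ip address 192.0.2.180 255.255.255.224
!
interface Dot11Radio0
 no ip address
"""

def interface_networks(config):
    """Return {interface name: IPv4Interface} for each 'ip address A M' line."""
    found, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        # 'no ip address' does not match: the keyword must follow the indent.
        m = re.match(r"\s+ip address (\S+) (\S+)\s*$", line)
        if m and current:
            found[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def overlaps(config):
    """List (later_if, its_network_address, earlier_if) for overlapping subnets."""
    hits = []
    for (a, ia), (b, ib) in combinations(interface_networks(config).items(), 2):
        # Subnets overlap when one contains the other, even with unequal masks.
        if ia.network.overlaps(ib.network):
            hits.append((b, str(ib.network.network_address), a))
    return hits

if __name__ == "__main__":
    for _, net, existing in overlaps(SAMPLE_CONFIG):
        print(f"{net} overlaps with {existing}")
```

Both .180 and .188 with mask 255.255.255.224 fall in the .160/27 network, which is why the message names .160 rather than the address being configured.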
If you want a router in the middle of your PIX and the datacenter, you'll need to change the IP on the PIX and FastEthernet4.

For example:
datacenter 1.1.1.163 to router 1.1.1.164 (or whatever the PIX is currently using)
router 2.2.2.10 to PIX 2.2.2.11

I'd also stay away from vlan1, security issue as it is the 'default'. No shut the vlan1 and create new vlans for internal and external interfaces.

eggster34

ASKER

leibinusa: I need to analyze the traffic flowing from the PIX to the internet with NetFlow accounting. I did not want to do it with a switch, that's why I need the router in between.

Will the router still be a hop and pass all the traffic if I use it as a bridge?
rlarian: that would mean changing my whole network and I don't want to do that :)
If you do not want to change your IP address, you need to configure a bridge on the 800. However, when the router is configured as a bridge, it will not support NetFlow. It looks like you have no choice. You will need to change the IP address on the PIX.
ASKER CERTIFIED SOLUTION
bkepford
You don't need to change anything else as long as you are lucky enough to have nothing addressed in the same range as the side with the PIX. Proxy ARP should forward packets as if the hop wasn't there.
Will NetFlow accounting work with this proxy-arp thing?
Just a note: your default gateway should still be the PIX. If you set it to the router you will have to set up routes on the router and the hop becomes a lot more visible. The way you can test from a PC to see if proxy ARP is working is to type "arp -a" at a command prompt, and the IP address for the PIX should actually be the inside interface of the router (answering on behalf of the PIX).
Thanks mate, it worked great!