08-29-2006 05:15 AM - edited 03-03-2019 01:48 PM
I have installed a broadband connection into my Cisco 3800. Currently, I employ EIGRP and static routes - the statics directing all 0.0.0.0 0.0.0.0 traffic out our point-to-point T1. I want to direct specific subnets out the broadband. I've assigned one of the static IPs provided by the broadband provider to a second Ethernet port and assigned it as an outbound WAN port. Adding a static route to point to that interface doesn't work.
What am I missing here? We do not employ ACLs - simple route statements directing traffic to specific interfaces. Thank you.
08-31-2006 06:38 PM
I would suggest one change but this is mostly right. I would suggest changing your static route. Instead of doing this:
ip route
I would suggest this:
ip route
If you point the static route to the gig interface it will work only if the provider supports proxy ARP (and more and more people are wanting to not support proxy ARP). And even if it works it will make your router work harder (because it will have to arp for every remote destination). If you put in the next hop address it just works and is more efficient.
Another note is to verify that the traffic coming from Gig0/0 to be routed out the broadband is from network 172.17.0.0 (and no other network).
Otherwise it looks to me like this should work.
Good luck.
HTH
Rick
09-05-2006 09:34 AM
OK - the only traffic I wnat routed is from 172.17 x.x and no other.
Added all of the rules I listed - with your suggestion of the next hop (cable modem) in place of the router interface in the ute statement. The thing I don't understand is when I added "access-list 1 permit 172.17.0.0 255 255.0.0" came out in the config. as "access-list 1 permit 0.0.0.0 255.255.0.0"
When all is applied - not traffic flows out any interface - it's almost as if the router's is attempting to NAT all outbound traffic. Once I removed the two "ip nat" statements from G0/0 and G0/1 traffic flow recovered. A PC directly connected to the cable modem works. Any ideas?
09-05-2006 09:55 AM
The reason that 172.17.0.0 255 255.0.0 came out as 0.0.0.0 255.255.0.0 is that access lists use an inverted subnet mask. So the syntax that you used specified that it could be anything in the first two octets but had to be 0.0 in the last two octets. The correct syntax is 172.17.0.0 0.0.255.255. (Sorry that I did not notice that detail in the earlier posting.)
If you change the access list and put the NAT statements back then I think that this should work.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide