cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
612
Views
0
Helpful
3
Replies

IP Address in Global aswell as in Sub Interface

harisivaji
Level 1
Level 1

HI,

Today i saw one configuration of our client. It has Ethernet drop out leased line connection terminated to Fa0/0

and for Lan Fa0/1 is used

There is publice IP configured on Fa0/0 with subnet 252

and there is one more publice IP in LAN Fa0/1 global interface along with there is five subinterface configured with private IP's

I read and till now beleived that we cannot configure a IP in global interface when we have subinterface configured with IP.

Using the Public IP configured in LAN global interface...outside internet user can reach and telnet in to the Router. How this is possible and i am able to reach the Public IP configured in Lan Interface (There is no NAT configuration in Router )

Can any one explain me

Config:

interface FastEthernet0/0
description "WAN INTERFACE"
ip address A.B.C.254 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
speed 100
full-duplex
no mop enabled
!
interface FastEthernet0/1
description "LAN INTERFACE"
ip address x.y.z.d 255.255.255.248
ip helper-address xx.yy.dd.zz
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no mop enabled

interface FastEthernet0/1.10
description ###Internet###
encapsulation dot1Q 10
ip address xx.yy.ff.gg 255.255.255.0
ip access-group INTERNET_AC in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no snmp trap link-status
no cdp enable

3 Replies 3

milan.kulik
Level 10
Level 10

Hi,

it's posible to configure an IP address on a main interface while there are subinterfaces configured under the same interface.

The main interface IP address will be used within the native VLAN on the trunk connected to the interface then.

This had been  a workaround used several years ago when first IOS versions without

encapsulation dot1Q x native

option had been released.

HTH,

Milan

THanks, for your reply but most of time when we have sub interface i never seen an IP in Main interface

In this case how the outside internet users are able to reach or telnet to this Router. using this Public IP Configured in Router Lan Interface (Main Interface)

Hi,

well, I'd say it depends on the IP range received from the ISP and the interface used to connect to the ISP router.

I can imagine in your case the client might had received a /28 public subnet from his ISP.

He divided that to /30 configured on WAN FastEthernet interface and /29 configured on the LAN main interface.

The ISP router does know nothing about any additional subnetting.

So when received a packet from the Internet with the x.y.z.d (main LAN interface IP address) destination, it just sends an ARP request to the FastEthernet connecting the client router.

And probably the client router recognizes the ARP is requesting his MAC address in spite of there is "no ip proxy-arp" configured on the WAN interface (this feature might exclude the IP addresses of the router itself, I'm not sure).

And Internet users are happily connected to the client router then!

BTW, I see some NAT commands on the interfaces, so there might be some other trick used?

BR,

Milan