wolverene13
ISP
Hi,
I work for a large ISP (I won't say which one, but we are in the top 5 largest in the U.S.) troubleshooting WAN links for large-scale and high-end customers for Ethernet, Frame, MPLS, ATM, etc. We are only supposed to troubleshoot up to the demarc and no further, because that is customer-facing equipment that we have nothing to do with.

I was working with a customer today and it's set up like this: There is a 10 meg DIA Metro-E circuit that terminates on a Cisco ME3400, which is configured Layer-2 only and merely encapsulates the customer's data (regardless of what VLANs they have) into one VLAN that is assigned to them. The switch does not care what VLANs go in from the customer, it merely sends VLAN xxxx out to the Internet or to another of the customer's sites. Then, there is an Adtran NetVanta 3448 that comes after that, which we also manage for some reason. That has two Ethernet ports; one for the WAN link through the ME3400 to the Internet Access router in the core, and one for the customer's LAN (public IPs, not private). This customer then has his own firewall connected to the Adtran.

This customer originally had a /29 network of public IPs assigned to him, but then some time later he added another /29. There was no way to simply give him a contiguous /28 instead because he already had the 1st /29 addressing done and did not want to reconfigure his whole network. So, he has a 75.x.x.x network and a 67.x.x.x network for use on the firewall-facing side of the Adtran. The 75 network works fine, but the 67 network does not. The 1st and second useable 75 addresses are applied to the physical interfaces of the router and the firewall. The 1st useable 67 address was applied to vlan interface 1 on the Adtran and the customer had the 2nd useable 67 address applied to a loopback interface on his firewall. This didn't work, so I changed it so that the 1st useable address was configured as a secondary IP on the physical interface of the Adtran.
I asked the customer to do the same thing on the firewall with the 2nd useable IP, but he said he can't do that because he is using NAT with the 75 address range or something to that effect. My question is, how do I make both sets of IPs work without configuring any secondary IPs?