Cisco – How to use IPs from the same network on two separate Cisco interfaces, and other IP trickery

cisco routing subnet

I am new to Cisco in general and have the following setup:

GigabitEthernet0/0 contains an IP address that is connected to our provider/BGP drop; GigabitEthernet0/1 contains various IP addresses assigned ending in .1 for the IP prefixes we announce to the Internet; this is also the Interface that all of our devices are plugged into via our switch <–> GigabitEthernet0/1 connection.

We want our primary IP address on GE0/0 to be on our primary assigned IP network, such as a.b.c.252 while keeping .1 on GE0/1 for a gateway for our local machines/equipment. Currently when traceroutes or the like come into the network, they get responded to with the IP assigned from our uplink to GE0/0. We'd like this instead to be an IP from our own assigned prefix for identification/notification/consistency's sake. (We'll keep the IP from our uplink as a secondary IP).

When I try to assign .252 to GE0/0 and .1 to GE0/1, I get the usual errors about the subnet already existing on another interface.

How do I go about doing this? How do I assign an IP in A.B.C, such as A.B.C.252, to GE0/0 as the primary IP address while assigning A.B.C.1 to GE0/1 so that clients on the network can use it as a gateway?

Or, is there a way to allow those on the LAN to use IPs on GE0/0 even though they're plugged into GE0/1, without borking anything too bad? And more to this point even more so, and going a bit off the rails but curious to know if it's possible – if we have three distinct prefixes assigned from RIPE, and wanted to have traceroutes and what-have-you respond with the .1 IP from the beginning of each subnet to the requestor, would this be possible? I am imagining something to do with NAT and matching response with a given source IP for certain ICMP packets (but this wouldn't work for, say, UDP traceroute?). Any ideas there either?

Thanks in advance!

Best Answer

How do you have this set up at the moment? Are you using a private range or another of your public subsets on G0/0?

You can't have the same subnet on different interfaces as it would break routing. The router wouldn't know which hosts were reachable through each of the interfaces.

There are a couple of workarounds if you want to have your BGP peering on the same network as your public address space:

It is possible to create a bridge-group consisting of G0/0 and G0/1. You can then assign a BVI to the group with your public addresses. This would give you a single IP interface with traffic from G0/0 and G0/1 L2 forwarded to the IP interface. Another option would be to connect your BGP connection into the LAN and put your IPs on G0/1 only.

This isn't the usual way to peer with a provider. It would be much better to use separate IP interfaces for the LAN and peering so that policies and ACLs can be applied. What is your reasoning for wanting it set up like this? Is it just so your traceroutes show your public address?
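
The bridge-group/BVI workaround described in the answer, written out as an added example that is not part of the original answer. It assumes classic IOS integrated routing and bridging (IRB) syntax, bridge group number 1, and constructed documentation addresses: 192.0.2.0/24 stands in for A.B.C.0/24 and 198.51.100.0/30 for the provider link.

```cisco
! Added example, not from the original answer.
! Addresses are constructed (RFC 5737 documentation ranges):
!   192.0.2.0/24    stands in for the announced prefix A.B.C.0/24
!   198.51.100.0/30 stands in for the provider-assigned link subnet
!
! Enable IRB and let bridge group 1 route IP via its BVI.
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
!
! Both physical ports lose their IP addresses and become
! members of the same bridge group (one L2 segment).
interface GigabitEthernet0/0
 description Provider/BGP drop, bridged
 no ip address
 bridge-group 1
!
interface GigabitEthernet0/1
 description LAN switch, bridged
 no ip address
 bridge-group 1
!
! The BVI number must match the bridge group number.
! Primary address comes from the announced prefix; the
! provider-assigned address is kept as a secondary, as the
! question proposes.
interface BVI1
 description Single routed interface for bridge group 1
 ip address 192.0.2.1 255.255.255.0
 ip address 198.51.100.2 255.255.255.252 secondary
!
! Verify after applying:
!   show bridge
!   show interfaces BVI1
```

With both ports in one bridge group, the provider link and the LAN share a broadcast domain and a single IP interface, which is the reason the answer prefers separate routed interfaces where policies and ACLs can be applied per side.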