RFC3069 example setup for Cisco
Jay Hennigan
jay at west.net
Mon Nov 1 08:20:16 CET 2010
On 11/1/10 12:16 AM, Mikael Abrahamsson wrote:
> On Mon, 1 Nov 2010, Jon wrote:
>
>> Yes, i have used this but never needed the static routes.
>
> So how did you know your customers didn't take each others IP addresses
> then?
>
>> Just ip unnumbered and local-proxy-arp was needed on a 6500/sup720/SX
>> something
>
> It might have worked, but I don't see how it would have provided you
> with tracability to know what customer had what IP at the time since any
> of them could have used it.
>
> It's one thing to "make it work", another thing to make it work securely
> and properly in a "hostile" environment. I thought that was the major
> point to take away from the discussion.
Should you not also have a static route to null0 for the /24? Otherwise
people can still hijack any unassigned IPs in the block via proxy-arp.
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
More information about the ipv6-ops
mailing list