Hello, I have a group of devices on my network (customer CPE, DSL modems mostly) which don't have the intelligence necessary to route their management traffic separately from the user internet traffic. This means that packets inbound to management will go outbound to the default gateway in the device's routing table instead of being routed back out the default gateway for the management interface.
I have solved this in the past by using a Linux server that had an interface on the global network, and another interface facing the customer management interfaces, with NAT rules so that packets destined to addresses within the management network would have a source of the Linux server itself. This meant that traffic to the CPE management interface appeared to be from an IP that was local (on the same network) and thus did not require routing. For example, if the management network was 172.16.1.0/24 and the CPE had an IP of 172.1.1.100, packets from global destined to 172.16.1.100 would appear to the CPE to be coming from 172.16.1.1 (the Linux server). Unfortunately, for various network reasons, this doesn't scale (the Linux server has to have direct L2 connectivity to each such network, which becomes unmanageable).

I have been trying to discern a more Cisco-centric way of accomplishing this end goal, and I need some help fleshing this out. My thoughts are that the router of course will have an L2 interface on the CPE management network, and this could be inside a separate VRF. If the VRF/management network was 172.16.1.0/24, I would want this same route also in my global table so I can address hosts on this network, with the switch to VRF/NAT on the inside. Is this possible, or am I just conceptualizing this wrong?

Mike-

_______________________________________________
cisco-nsp mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
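The Linux "management NAT box" the post describes, written out as an added example (this is not the poster's script and not a Cisco configuration). It assumes eth0 faces the global network, eth1 faces the CPE management LAN 172.16.1.0/24, and the server's own address on eth1 is 172.16.1.1; all of those are assumptions and can be overridden through environment variables. The source rewrite is restricted to packets that are both destined for the management network and leaving via the management interface, so the rule cannot accidentally masquerade unrelated forwarded traffic, and the FORWARD rules only allow CPE-originated traffic back toward the global side when it belongs to a session the global side opened.

```shell
#!/bin/sh
# Added example (not from the original post): source-NAT global->CPE traffic
# so it appears to originate on the CPE's own management LAN.
# Assumed names: eth0 toward the global network, eth1 on the management LAN,
# 172.16.1.1 as the server's address on that LAN.
# Rules are printed by default; they are applied only with APPLY=1 as root.

MGMT_NET="${MGMT_NET:-172.16.1.0/24}"   # CPE management network (assumption)
MGMT_IF="${MGMT_IF:-eth1}"             # server interface on that network (assumption)
MGMT_SRC="${MGMT_SRC:-172.16.1.1}"     # server's address on that network (assumption)
GLOBAL_IF="${GLOBAL_IF:-eth0}"         # interface toward the global network (assumption)

# Print the commands that make global->CPE traffic look local to the CPE.
# Only packets destined to MGMT_NET and leaving via MGMT_IF are rewritten.
# CPE-side traffic is forwarded back only for sessions opened from global.
mgmt_nat_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o $MGMT_IF -d $MGMT_NET -j SNAT --to-source $MGMT_SRC
iptables -A FORWARD -i $GLOBAL_IF -o $MGMT_IF -d $MGMT_NET -j ACCEPT
iptables -A FORWARD -i $MGMT_IF -o $GLOBAL_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $MGMT_IF -o $GLOBAL_IF -j DROP
EOF
}

# Number of iptables rules the script would install (quick sanity check).
mgmt_nat_rule_count() {
    mgmt_nat_rules | grep -c '^iptables'
}

if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
    mgmt_nat_rules | sh -e     # apply for real
else
    mgmt_nat_rules             # dry run: show what would be applied
fi
```

Run it without arguments to see the rules; `APPLY=1` as root installs them. The post's scaling problem is visible in the rule set: every management LAN needs its own `MGMT_IF`/`MGMT_SRC` pair on the server, which is exactly the per-network L2 adjacency the poster wants to move onto a router.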
