On: Sat, 4 Oct 2008 14:50:37 +0200, "Mr Shunz" <mrshunz at gmail.com> wrote:

> Hi,
> [snip]
>> Presently the setting for rip is:
>>
>> router rip
>>  version 2
>>  passive-interface FastEthernet0/0
>>  network aaa.bbb.ccc.0
>>  no auto-summary
>
> is that aaa.bbb.ccc.0 a *public* IP class?

Yes. It is a routable 'c' class address.

> if it is with the conf below:
>
>> router rip
>>  version 2
>>  passive-interface FastEthernet0/0
>>  network aaa.bbb.ccc.0
>>  network 192.168.0.0
>>  network 10.0.0.0
>>  no auto-summary
>
> you inject private addresses to the other (public?) router...
>
> if aaa.bbb.ccc.0 is another *private* class the configuration
> should be ok...
>
> maybe i misunderstood your question ...
>

This is possibly because I am so unfamiliar with routing that I lack the terminology to ask it more clearly.

Our internal networks date back to the spring of 1995 and at the time we used portions of our assigned C class netblock for all hosts. This arrangement has survived to the present day. I wish to move to a private netblock for internal use but I am operationally constrained to do so gradually.

What I want to do is in the interim allow host 1 with the public IPv4 addr of aaa.bbb.ccc.171 to co-exist on the same lan segment as a host with an address of 192.168.2.151 say. On said segment there is but one gateway to the Internet, located at IPv4 aaa.bbb.ccc.1. The rest of the settings are as in the first example above.

If I add 192.168.0.0 to the list of networks handled by RIPv2 at the router (and configure the router Eth0 with a suitable virtual IP from the same network, say: 192.168.71.1), will internal traffic originating at a host with an address of 192.168.2.71 reach an internal host at 192.168.61.151 and can 192.168.2.71 also reach aaa.bbb.ccc.171?

I will deal with NAT issues for these hosts at a later time. For now I am concerned only with hosts that should not reach or be reached from the public Internet in any case and therefore do not need a public IP or NAT.

I do not know if that is any clearer or not. Basically, I do not wish to start physically segregating the internal lan into private and public segments using an internal router. I want both address spaces to co-exist on the same switch until the transformation is finalized and then we will look at whether it makes sense to segregate.

We are talking about dozens of hosts, not thousands. But we do have legacy systems that require devoted multiple virtual IPs on a single interface so the number of IPs in use is several times the number of hosts.

I hope this question makes my desires clearer and provides sufficient background detail for sensible commentary.

--
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3