Table Of Contents
Restrictions for IP Overlapping Address Pools
Information About IP Overlapping Address Pools
How to Configure IP Overlapping Address Pools
Configuring and Verifying a Local Pool Group
Configuration Examples for Configuring IP Overlapping Address Pools
Define Local Address Pooling as the Global Default Mechanism Example
Configure Multiple Ranges of IP Addresses into One Pool Example
IP Overlapping Address Pools
The IP Overlapping Address Pools feature improves flexibility in assigning IP addresses dynamically. This feature allows you to configure overlapping IP address pool groups to create different address spaces and concurrently use the same IP addresses in different address spaces.
Feature Specifications for the IP Overlapping Address Pools Feature
Feature History
Release        Modification
12.1(5)DC      This feature was introduced.
12.2(13)T      This feature was integrated into Cisco IOS Release 12.2(13)T.
Supported Platforms
Cisco 6400 node route processor 1 (NRP-1), Cisco 6400 node route processor 25v (NRP-25v), Cisco 74001 6400-NRP-1
1 The Cisco 6400 NRP-25v must be a DC-powered 6400.
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Availability of Cisco IOS Software Images
Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.
Contents
• Restrictions for IP Overlapping Address Pools
• Information About IP Overlapping Address Pools
• How to Configure IP Overlapping Address Pools
• Configuration Examples for Configuring IP Overlapping Address Pools
Restrictions for IP Overlapping Address Pools
The Cisco IOS software checks for duplicate addresses on a per-group basis. Because the check is made only within a group, you can configure pools in multiple groups that contain duplicate addresses. The IP Overlapping Address Pools feature should be used only in cases where overlapping IP address pools make sense, such as Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environments where multiple IP address spaces are supported.
Information About IP Overlapping Address Pools
To configure the IP Overlapping Address Pools feature, you should understand the following concepts:
Benefits
The IP Overlapping Address Pools feature gives greater flexibility in assigning IP addresses dynamically. It allows you to configure overlapping IP address pool groups to create different address spaces and concurrently use the same IP addresses in different address spaces.
How IP Address Groups Work
Existing configurations are not affected by the new pool feature. The "group" concept is an extension of the existing ip local pool command. Processing of pools that are not specified as a member of a group is unchanged from the existing implementation.
How to Configure IP Overlapping Address Pools
This section contains the following procedure:
• Configuring and Verifying a Local Pool Group
Configuring and Verifying a Local Pool Group
This section contains the steps necessary to configure a local pool group and verify that it exists.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip local pool {default | poolname} {low-ip-address [high-ip-address] [group group-name] [cache-size size]}
4. show ip local pool [poolname | [group group-name]]
DETAILED STEPS
Configuration Examples for Configuring IP Overlapping Address Pools
• Define Local Address Pooling as the Global Default Mechanism Example
• Configure Multiple Ranges of IP Addresses into One Pool Example
Define Local Address Pooling as the Global Default Mechanism Example
The following example shows how to configure local pooling as the global default mechanism:
ip address-pool local
ip local pool default 192.169.15.15 192.169.15.16
Configure Multiple Ranges of IP Addresses into One Pool Example
The following example shows how to configure two ranges of IP addresses for one IP address pool:
ip local pool default 192.169.10.10 192.169.10.20
ip local pool default 192.169.50.25 192.169.50.50
Additional References
For additional information related to IP Overlapping Address Pools, refer to the following references:
• MIBs
• RFCs
Related Documents
Standards
MIBs
MIBs (1): None
MIBs Link: To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
(1) Not all supported MIBs are listed.
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
RFCs
Technical Assistance
Command Reference
This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 T command reference publications.
ip local pool
To configure a local pool of IP addresses to be used when a remote peer connects to a point-to-point interface, use the ip local pool command in global configuration mode. To remove a range of addresses from a pool (the longer of the no forms of this command), or to delete an address pool (the shorter of the no forms of this command), use one of the no forms of this command.
ip local pool {default | poolname} [low-ip-address [high-ip-address]] [group group-name] [cache-size size]
no ip local pool poolname low-ip-address [high-ip-address]
no ip local pool {default | poolname}
Syntax Description
Defaults
No address pools are configured. Any pool created without the optional group keyword is a member of the base system group.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the ip local pool command to create one or more local address pools from which IP addresses are assigned when a peer connects. You may also add another range of IP addresses to an existing pool. To use a named IP address pool on an interface, use the peer default ip address pool interface configuration command. A pool name can also be assigned to a specific user using authentication, authorization, and accounting (AAA) RADIUS and TACACS functions.
If no named local IP address pool is created, a default address pool is used on all point-to-point interfaces after the ip address-pool local global configuration command is issued. If no explicit IP address pool is assigned, but pool use is requested by use of the ip address-pool local command, the special pool named "default" is used.
The optional group keyword and associated group name allow the association of an IP address pool with a named group. Any IP address pool created without the group keyword automatically becomes a member of a base system group.
An IP address pool name can be associated with only one group. Subsequent use of the same pool name, within a pool group, is treated as an extension of that pool, and any attempt to associate an existing local IP address pool name with a different pool group is rejected. Therefore, each use of a pool name is an implicit selection of the associated pool group.
Note
To reduce the chances of inadvertent generation of duplicate addresses, the system allows creation of the special pool named "default" only in the base system group, that is, no group name can be specified with the pool name "default."
All IP address pools within a pool group are checked to prevent overlapping addresses; however, no checks are made between any group pool member and a pool not in a group. The specification of a named pool within a pool group allows the existence of overlapping IP addresses with pools in other groups, and with pools in the base system group, but not among pools within a group. Otherwise, processing of the IP address pools is not altered by their membership in a group. In particular, these pool names can be specified in peer commands and returned in RADIUS and AAA functions with no special processing.
IP address pools can be associated with Virtual Private Networks (VPNs). This association permits flexible IP address pool specifications that are compatible with a VPN and a VPN routing and forwarding instance (VRF).
The IP address pools can also be used with the translate commands for one-step vty-async connections and in certain AAA or TACACS+ authorization functions. Refer to the chapter "Configuring Protocol Translation and Virtual Asynchronous Devices" in the Cisco IOS Terminal Services Configuration Guide and the "System Management" part of the Cisco IOS Configuration Fundamentals Configuration Guide for more information.
IP address pools are displayed with the show ip local pool EXEC command.
Examples
The following example creates a local IP address pool named "pool2," which contains all IP addresses in the range 172.16.23.0 to 172.16.23.255:
ip local pool pool2 172.16.23.0 172.16.23.255
The following example configures a pool of 1024 IP addresses:
no ip local pool default
ip local pool default 10.1.1.0 10.1.4.255
Note
Although not required, it is good practice to precede local pool definitions with a no form of the command to remove any existing pool, because the specification of an existing pool name is taken as a request to extend that pool with the new IP addresses. If the intention is to extend the pool, the no form of the command is not applicable.
The following example configures multiple ranges of IP addresses into one pool:
ip local pool default 10.1.1.0 10.1.9.255
ip local pool default 10.2.1.0 10.2.9.255
The following examples show how to configure two pool groups and IP address pools in the base system group:
ip local pool p1_g1 10.1.1.1 10.1.1.50 group grp1
ip local pool p2_g1 10.1.1.100 10.1.1.110 group grp1
ip local pool p1_g2 10.1.1.1 10.1.1.40 group grp2
ip local pool lp1 10.1.1.1 10.1.1.10
ip local pool p3_g1 10.1.2.1 10.1.2.30 group grp1
ip local pool p2_g2 10.1.1.50 10.1.1.70 group grp2
ip local pool lp2 10.1.2.1 10.1.2.10
In the example:
• Group grp1 consists of pools p1_g1, p2_g1, and p3_g1.
• Group grp2 consists of pools p1_g2 and p2_g2.
• Pools lp1 and lp2 are not associated with a group and are therefore members of the base system group.
Note that IP address 10.1.1.1 overlaps groups grp1, grp2, and the base system group. Also note that there is no overlap within any group including the base system group, which is unnamed.
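The following Python script is an added example, not part of the original document and not Cisco code. It models the rules stated in the usage guidelines (overlap checked only within a group, a pool name tied to one group, "default" restricted to the base system group) and audits the grp1/grp2 configuration above; the BASE label, the function names, and the three lines in BAD_LINES are assumptions constructed for illustration.

```python
import ipaddress
BASE = "(base)"  # label chosen here for the unnamed base system group
# Pool definitions copied from the grp1/grp2 example on this page.
PAGE_CONFIG = """\
ip local pool p1_g1 10.1.1.1 10.1.1.50 group grp1
ip local pool p2_g1 10.1.1.100 10.1.1.110 group grp1
ip local pool p1_g2 10.1.1.1 10.1.1.40 group grp2
ip local pool lp1 10.1.1.1 10.1.1.10
ip local pool p3_g1 10.1.2.1 10.1.2.30 group grp1
ip local pool p2_g2 10.1.1.50 10.1.1.70 group grp2
ip local pool lp2 10.1.2.1 10.1.2.10
"""
# Constructed lines (not from the page); each one breaks one stated rule.
BAD_LINES = """\
ip local pool p4_g1 10.1.1.40 10.1.1.60 group grp1
ip local pool p1_g1 10.1.3.1 10.1.3.10 group grp2
ip local pool default 10.9.9.1 10.9.9.9 group grp1
"""

def parse_pools(config):
    """Parse 'ip local pool' lines into (name, group, low, high) tuples."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] != ["ip", "local", "pool"] or len(tok) < 5:
            continue
        name, args = tok[3], tok[4:]
        low = ipaddress.IPv4Address(args[0])
        has_high = len(args) > 1 and args[1] not in ("group", "cache-size")
        high = ipaddress.IPv4Address(args[1]) if has_high else low
        group = args[args.index("group") + 1] if "group" in args else BASE
        entries.append((name, group, low, high))
    return entries

def audit(entries):
    """Return (errors, cross_group_overlaps) under the usage-guideline rules."""
    errors, cross, accepted, bound = [], [], [], {}
    for name, group, low, high in entries:
        hits = [o for o in accepted if low <= o[3] and o[2] <= high]
        same = [o for o in hits if o[1] == group]
        if name == "default" and group != BASE:
            errors.append(f"{name}: 'default' may exist only in the base system group")
        elif bound.setdefault(name, group) != group:
            errors.append(f"{name}: already associated with group {bound[name]}")
        elif same:
            errors.append(f"{name}: {low}-{high} overlaps {same[0][0]} within {group}")
        else:
            cross += [(name, group, o[0], o[1]) for o in hits]  # allowed, but worth reviewing
            accepted.append((name, group, low, high))
    return errors, cross

if __name__ == "__main__":
    errors, cross = audit(parse_pools(PAGE_CONFIG + BAD_LINES))
    print(*errors, *(f"cross-group overlap: {a}[{g}] / {b}[{h}]" for a, g, b, h in cross), sep="\n")
```

The cross-group list is the part to review by hand: each pair is permitted by the feature, so confirm that the two groups really map to separate address spaces such as distinct VPNs.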
The following examples show configurations of IP address pools and groups for use by a VPN and VRF:
ip local pool p1_vpn1 10.1.1.1 10.1.1.50 group vpn1
ip local pool p2_vpn1 10.1.1.100 10.1.1.110 group vpn1
ip local pool p1_vpn2 10.1.1.1 10.1.1.40 group vpn2
ip local pool lp1 10.1.1.1 10.1.1.10
ip local pool p3_vpn1 10.1.2.1 10.1.2.30 group vpn1
ip local pool p2_vpn2 10.1.1.50 10.1.1.70 group vpn2
ip local pool lp2 10.1.2.1 10.1.2.10
The examples show configuration of two pool groups, including pools in the base system group, as follows:
• Group vpn1 consists of pools p1_vpn1, p2_vpn1, and p3_vpn1.
• Group vpn2 consists of pools p1_vpn2 and p2_vpn2.
• Pools lp1 and lp2 are not associated with a group and are therefore members of the base system group.
Note that IP address 10.1.1.1 overlaps groups vpn1, vpn2, and the base system group. Also note that there is no overlap within any group including the base system group, which is unnamed.
The VPN needs a configuration that selects the proper group by selecting the proper pool based on remote user data. Thus, each user in a given VPN can select an address space using the pool and associated group appropriate for that VPN. Duplicate addresses in other VPNs (other group names) are not a concern, because the address space of a VPN is specific to that VPN.
In the example, a user in group vpn1 is associated with some combination of the pools p1_vpn1, p2_vpn1, and p3_vpn1, and is allocated addresses from that address space. Addresses are returned to the same pool from which they were allocated.
Related Commands
show ip local pool
To display statistics for any defined IP address pools, use the show ip local pool command in privileged EXEC mode.
show ip local pool [poolname | [group group-name]]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
If you omit the poolname argument, the command displays a generic list of all defined address pools and the IP addresses that belong to them. If you specify the poolname argument, the command displays detailed information about that pool.
When you supply the group keyword without the associated group name, the command displays all pools in the base system group. When you supply the group keyword with the associated group name, the command displays all pools in that group.
Examples
The following is sample output from the show ip local pool command when pool groups have not been created:
Router# show ip local pool
Scope      Begin            End              Free   InUse
Dialin     172.30.228.11    172.30.228.26    16     0
Available addresses:
   172.30.228.12
   172.30.228.13
   172.30.228.14
   172.30.228.15
   172.30.228.16
   172.30.228.17
   172.30.228.18
   172.30.228.19
   172.30.228.20
   172.30.228.21
   172.30.228.22
   172.30.228.23
   172.30.228.24
   172.30.228.25
   172.30.228.26
   172.30.228.11    Async5
Inuse addresses:
   None
The following is sample output from the show ip local pool command when pool groups have been created:
Router# show ip local pool
Pool       Begin            End              Free   In use
** pool <p1> is in group <g1>
p1         10.1.1.1         10.1.1.10        10     0
           10.1.1.21        10.1.1.30        10     0
** pool <p2> is in group <g2>
p2         10.1.1.1         10.1.1.10        10     0
lcl1       10.2.2.1         10.2.2.10        10     0
           10.2.2.21        10.2.2.30        10     0
           10.2.2.41        10.2.2.50        10     0
** pool <mypool> is in group <mygroup>
mypool     172.18.184.223   172.18.184.224   2      0
           172.18.184.218   172.18.184.222   5      0
** pool <ccc> is in group <grp-c>
ccc        172.18.184.218   172.18.184.220   3      0
** pool <bbb> is in group <grp-b>
bbb        172.18.184.218   172.18.184.220   3      0
** pool <ddd> is in group <grp-d>
ddd        172.18.184.218   172.18.184.220   3      0
** pool <pp1> is in group <grp-pp>
pp1        172.18.184.218   172.18.184.220   2      1
The following is sample output from the show ip local pool command for the pool group named mygroup:
Router# show ip local pool mygroup
Pool       Begin            End              Free   In use
** pool <mypool> is in group <mygroup>
mypool     172.18.184.223   172.18.184.224   2      0
           172.18.184.218   172.18.184.222   5      0
The following sample output from the show ip local pool group command shows the base system group (lcl1):
Router# show ip local pool group
Pool       Begin            End              Free   In use
lcl1       10.2.2.1         10.2.2.10        10     0
           10.2.2.21        10.2.2.30        10     0
           10.2.2.41        10.2.2.50        10     0
Table 1 describes the significant fields shown in the displays.
Related Commands
Glossary
IPCP—IP Control Protocol. Protocol that establishes and configures IP over PPP.
MPLS—Multiprotocol Label Switching. Switching method that forwards IP traffic using a label. This label instructs the routers and the switches in the network where to forward the packets based on preestablished IP routing information.
NAT—Network Address Translation. Mechanism for reducing the need for globally unique IP addresses. NAT allows an organization with addresses that are not globally unique to connect to the Internet by translating those addresses into globally routable address space. Also known as Network Address Translator.
VPDN—virtual private dialup network. Also known as virtual private dial network. A VPDN is a network that extends remote access to a private network using a shared infrastructure. VPDNs use Layer 2 tunnel technologies (L2F, L2TP, and PPTP) to extend the Layer 2 and higher parts of the network connection from a remote user across an ISP network to a private network. VPDNs are a cost-effective method of establishing a long distance, point-to-point connection between remote dial users and a private network. See also VPN.
VPN—Virtual Private Network. Enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. A VPN uses "tunneling" to encrypt all information at the IP level.
VRF—A VPN routing and forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a PE router.
Note
Refer to the Internetworking Terms and Acronyms for terms not included in this glossary.

