Static WAN IP Questions

/usr/home

I'm having trouble understanding this. It's just not clicking.

When you get static IPs from the ISP, how do they only allow you to use them? I understand the setups where they give you say a /30 and then assign the modem an IP and route it that way, but my ISP doesn't do it this way.

I've been given two static IPs on a /24 subnet. What prevents another person on that subnet from using my IPs? Also how do they route my IPs? Do they route by port or what? I know that the one port on the 2wire is pass through to the router but the other ports use the 2wire dhcp and are in router mode and the WAN IP on those ports is in a DHCP range different than my static IPs. How do they do this?

I'm a visual learner so if I could just look at their setup I'd understand it better.

Hope my questions make sense. These are just informational questions. My static IPs have worked great for the past 2 years.
 
Lol. We were just talking about this the other day when me and a colleague were mapping out some of our network layout on a whiteboard. He noticed our WAN was a part of a /24. He couldn't wrap his head around how it's possible.

Quite honestly I don't know how they do it either but I do know if you attempt to use any other IP address other than what they give you it won't work. I imagine there has to be some kind of IP filter somewhere. Obviously can't filter by MAC as I've swapped routers lots of times. I have Verizon so maybe the ONT is acting as some sort of bridge and they filter by that??

Subbing to this thread because I'm just as curious.
 
It could be a combination of things. If they give you a /27 for e.g. they have lost 2 IPs for every other as you have a private D/G then.

The place I worked at previously had PVLANs set up, so your /24 would come in on VLAN1, but traffic matching your IP range would be in a sub-VLAN (a PVLAN) within that range so it couldn't talk to any IP address outside of that range.

Or simply put, a firewall that doesn't let routing occur between those ranges directly.

As far as presenting your modem the IP addresses, it would be set up on your line to accept those particular static IPs.
 
When we had our Verizon FIOS installed I had this same question. They gave us a /24 subnet and I called support and our reseller to confirm the number which they said yes, it is accurate.

Shortly after implementing our failover WAN traffic on the FIOS IP address, we noticed a local company also running FIOS and an SMTP server on our same /24 subnet (literally 2 blocks away) was unable to send us email directly to our on prem Exchange server (at that time routed through our Comcast IP).

Basically Sonicwall was allowing our outbound email to traverse the Verizon IP to this company down the road because it considered it best path (same /24) but their email server could not send back (MX records didn't match).

After much consultation, Sonicwall suggested to just change my subnet mask to a /30 and it works without issue.
 
Glad to see I'm not the only networking guy that doesn't understand this :p.

I'd love to work for my ISP. I keep a lookout for job postings there.
 
Through the wonders of DHCP Snooping. On the DSLAM/OLTs from Calix I work with, a user's port is set to dynamic by default. When the client on the other side of that port is given an IP via DHCP, it adds it to its association table and only allows traffic from that IP. For static IPs you just tell the port it's a static IP and enter IP/mask/gateway/MAC info.
 
I always figured it was a static ARP entry to the gateway/router they provide.
 
The fact is, nothing does prevent someone else from setting their IP as yours, and it would create a conflict.

Another scary thought, if you set your IP address to the same as the default gateway, you'll probably take out half the internet in your town. Unless there's a way to prevent that, that I'm not aware of. I know it works on a LAN. How to shut down an entire hospital 101. :D Guy walks in with a laptop with the IP 10.1.1.1, it auto connects to the wireless, all hell breaks loose. Glad I was not there when it happened, only heard of it.
 
So what kind of connectivity do you have.. meaning how does your ISP hand off to you?

Take a look at DAI - Dynamic ARP Inspection.
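
The per-port binding table from the DHCP snooping post above, and the ARP check that Dynamic ARP Inspection runs against such a table, modelled as an added example (not part of any post in this thread, and not Calix or any vendor's code). The class, port names, addresses and MACs are constructed, and the IP-only static binding is an assumption that matches the "no MAC binding on the bridged port" observation in the thread.

```python
import ipaddress

class AccessNode:
    """Toy DSLAM/OLT: each subscriber port may only source the IPs bound to it."""

    def __init__(self, gateway_ip):
        self.gateway_ip = ipaddress.ip_address(gateway_ip)
        self.table = {}  # port -> {ip: mac, or None for an IP-only binding}

    def _bind(self, port, ip, mac):
        mac = mac.lower() if mac else None
        self.table.setdefault(port, {})[ipaddress.ip_address(ip)] = mac

    def learn_dhcp_ack(self, port, ip, mac):
        # DHCP snooping: the binding comes from the lease handed to this port.
        self._bind(port, ip, mac)

    def add_static(self, port, ip, mac=None):
        # Static subscriber: the operator enters the binding by hand.
        # mac=None (assumption) models a port that is filtered on IP only.
        self._bind(port, ip, mac)

    def _bound(self, port, ip, mac):
        entries = self.table.get(port, {})
        ip = ipaddress.ip_address(ip)
        if ip not in entries:
            return False
        return entries[ip] is None or entries[ip] == mac.lower()

    def permit_ip(self, port, src_ip, src_mac):
        # Source filter: drop packets whose source is not bound to the port.
        return self._bound(port, src_ip, src_mac)

    def permit_arp(self, port, sender_ip, sender_mac):
        # ARP inspection: a subscriber port may never answer for the gateway,
        # and may only announce addresses that are bound to it.
        if ipaddress.ip_address(sender_ip) == self.gateway_ip:
            return False
        return self._bound(port, sender_ip, sender_mac)

def demo():
    # Constructed addresses (RFC 5737 documentation range) and MACs.
    node = AccessNode("203.0.113.1")
    node.add_static("port1", "203.0.113.10")
    node.learn_dhcp_ack("port2", "203.0.113.50", "02:00:00:00:00:02")
    return {
        "static_owner": node.permit_ip("port1", "203.0.113.10", "02:00:00:00:00:aa"),
        "neighbour_takes_static": node.permit_ip("port2", "203.0.113.10", "02:00:00:00:00:02"),
        "dhcp_lease_holder": node.permit_ip("port2", "203.0.113.50", "02:00:00:00:00:02"),
        "arp_claims_gateway": node.permit_arp("port2", "203.0.113.1", "02:00:00:00:00:02"),
    }
```

With enforcement at the access port, a duplicate address configured on another port is dropped before it reaches the shared /24, so it never conflicts with the bound subscriber.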
 
Me? It's VDSL with a 2Wire gateway. They flash a special firmware to make port 1 a bridge and ports 2-4 work like usual, they are behind NAT on the 2Wire on a 172.16.1.0/24 network. They use a DHCP WAN address.

They don't use MAC address bindings, at least on the bridged port. I've used Cisco and Mikrotik and currently an EdgeRouter with no issues.

I'm assuming they gave me a /30 because I got two IPs with the other two used for network/broadcast.
 