That depends on what your configuration (IOS level) is. And whether or not
you have proxy-arp enabled (will work) or disabled (won't work).
There are various ways to look at things. Being that he said he had a CMTS,
I assumed that meant he DID control the box. :) CMTS being the router guy
at the head-end (not the router/modem that exists at the customer site).
So there are varying degrees of "correct" here. :)
Scott
-----Original Message-----
From: Chris Davis [mailto:chris.davis@computerjobs.com]
Sent: Monday, March 11, 2002 9:44 AM
To: cisco-nsp@puck.nether.net
Subject: RE: CISCO CMTS question ? ? ? ?
Greetings,
Pardon my probable misunderstanding of the cable interface.
The clients on a subnet cannot arp and ping each other on the same subnet
without passing through the router interface?
This must be true if
> access-list 101 deny icmp 24.16.16.0 0.0.0.255 24.16.16.0 0.0.0.255
is going to perform any work. Otherwise that icmp traffic would never touch
the router.
For your clients on the same subnet, you have no control via your router of
what goes between them, correct?
Again there probably is something special about cable I don't know, but not
surprisingly a 'cable and interface' search isn't helping me find the
answer.
Thanks,
Chris Davis
Site Engineer
ComputerJobs.com
http://www.computerjobs.com
-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Monday, March 11, 2002 9:15 AM
To: isp-cable@isp-cable.com; cisco-nsp@puck.nether.net
Subject: RE: RE: CISCO CMTS question ? ? ? ?
Well, that "permit ip any any" would pretty much do that. Usually (in this
type of scenario), what you do is figure out what you want to deny and then
permit the rest.
Any other security concerns, or specific needs would really depend on your
network design, and treated on a case-by-case basis...
On the other hand, if you're interested, I'd be happy to consult with you on
this and either work on your network or train you to do so. :)
Scott Morris, MCSE, CCDP, CCIE2 (R&S/ISP-Dial) #4713, CCNA-WAN Switching,
Security Specialization, Cable Communications Specialist
CCSI #21903
swm@emanon.com
-----Original Message-----
From: Tejal Shah [mailto:tejal.shah@surat.iqara.net]
Sent: Monday, March 11, 2002 8:49 AM
To: isp-cable@isp-cable.com
Cc: isp-cable@isp-cable.com
Subject: Re: RE: CISCO CMTS question ? ? ? ?
Thanks Scott.
If i want to stop any kind of access between the client and
permit only internet access how can i do it? ? ?
Tejal
----- Original Message -----
From: "Scott Morris" <swm@emanon.com>
Date: Monday, March 11, 2002 7:10 pm
Subject: RE: CISCO CMTS question ? ? ? ?