[c-nsp] help with one-armed routing
Eric Louie
elouie at yahoo.com
Wed Mar 16 20:56:57 EST 2005
Thanks. I have the policy routing config done now, but...
I need to isolate traffic on this interface from the other interfaces, and
vice-versa.
Are there access lists on the 2nd fastethernet interface required to prevent
any packet leakage/spillage?
-e-
----- Original Message -----
From: "Bruce Pinsky" <bep at whack.org>
To: "Eric Louie" <elouie at yahoo.com>
Cc: <cisco-nsp at puck.nether.net>
Sent: Wednesday, March 16, 2005 5:42 PM
Subject: Re: [c-nsp] help with one-armed routing
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Eric Louie wrote:
> | Hi folks
> | I have a configuration that I need help with
> |
> | Here is the scenario -
> | router with 2 fast ethernet interfaces, and one serial interface
> | default route is out the serial interface
> | the 1st fast ethernet interface is enabled
> | the 2nd fast ethernet interface is shutdown
> |
> | I want to use the 2nd fast ethernet interface as a one-armed router,
> | independent of the rest of the router. It cannot allow any traffic to
> pass
> | through, it can only bounce traffic.
> |
> | Here are the conditions for that 2nd fast ethernet interface:
> | if the source IP is 192.168.151.0 /24 then route it - if it is not that,
> | then drop it.
> |
> | if the destination IP is 192.158.55.0.0 / 24 then send it to
> 192.168.151.254
> |
> | otherwise, send the traffic to 192.69.151.1
> |
> | Anyone game to help me with this configuration?
> |
>
> Should be easily accomplished with Policy Based Routing. See
>
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800c75d2.html#wp1001052
>
> - --
> =========
> bep
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (MingW32)
>
> iD8DBQFCOOB8E1XcgMgrtyYRAiDlAJ4mDCz2eC3z+VWg0odVPnckqRyvLwCeL+ma
> OXfp467pyCrlNVRCE6LMuaQ=
> =A+pI
> -----END PGP SIGNATURE-----
>
More information about the cisco-nsp
mailing list