Re: [nsp] Interface Routing

From: Jared Mauch (jared@puck.nether.net)
Date: Fri Jul 12 2002 - 14:02:45 EDT


        I suggest the ACL approach then.

        eg:

        interface serial 0
         ip access-group 101 in
         ip access-group 102 out
        interface serial 1
         ip access-group 103 in
         ip access-group 104 out

        ! access-list 101 denys interface serial1 ips but allows rest
        ! access-list 102 denys traffic from serial0 ips to serial1
        ! access-list 103 denys interface serial0 ips but allows rest
        ! access-list 104 denys traffic from serial1 ips to serial0

        You probally want all four to prevent any 'evil' activities.

        - Jared

On Fri, Jul 12, 2002 at 01:54:19PM -0400, Stephane Gingras wrote:
> Exactly,
>
> I whant ip routing enabled because I whant thes 2 interfaces to route with
> the other interfaces. It just in between the 2 that I don't whant routing.
> Do you have any example.
>
> Thank's
>
> -----Message d'origine-----
> De : David Sinn [mailto:dsinn@microsoft.com]
> Envoye : 12 juillet, 2002 13:33
> A : Jared Mauch; Stephane Gingras
> Cc : cisco-nsp@puck.nether.net
> Objet : RE: [nsp] Interface Routing
>
>
> I guess along the lines of Jared's response, I'd have to ask "To what
> end?"
>
> If you want the box to just be on the networks in question and not do
> anything else, then turning off routing will solve your problem.
>
> If you want to have two interfaces on a box and not allow any traffic to
> go between them, but do allow it to others, then you should look at
> ACL's.
>
> Also this assumes you are talking about IP routing.
>
> David
>
> -----Original Message-----
> From: Jared Mauch [mailto:jared@puck.nether.net]
> Sent: Friday, July 12, 2002 8:49 AM
> To: Stephane Gingras
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [nsp] Interface Routing
>
>
> conf t
> no ip routing
>
>
> - jared
>
> On Fri, Jul 12, 2002 at 11:31:22AM -0400, Stephane Gingras wrote:
> > Hi all,
> >
> > I'm looking for a configuration example to be able to have 2
> specifique
> > interfaces/networks on 1 router to not be able to route between them.
> >
> > Thanks
> >
>
> --
> Jared Mauch | pgp key available via finger from jared@puck.nether.net
> clue++; | http://puck.nether.net/~jared/ My statements are only
> mine.
>
>

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:49 EDT