[c-nsp] help with one-armed routing

Kevin Graham mahargk at gmail.com
Wed Mar 16 21:23:32 EST 2005


If the second interface (assuming fas 0/1) is entirely standalone, a
VRF-lite config like:

ip vrf onefiveone
   rd 0:0
int fas 0/1
  ip vrf forwarding onefiveone
  ip address 192.168.151.128 255.255.255.0
ip route vrf onefiveone 192.158.55.0 255.255.255.0 192.168.151.254
ip route vrf onefiveone 0.0.0.0 0.0.0.0 192.168.151.1

...would do the trick w/o the need for PBR or ACLs to accomplish what
you're describing.

On Wed, 16 Mar 2005 17:56:57 -0800, Eric Louie <elouie at yahoo.com> wrote:
> Thanks.  I have the policy routing config done now, but...
> 
> I need to isolate traffic on this interface from the other interfaces, and
> vice-versa.
> 
> Are there access lists on the 2nd fastethernet interface required to prevent
> any packet leakage/spillage?
> 
> -e-
> 
> ----- Original Message -----
> From: "Bruce Pinsky" <bep at whack.org>
> To: "Eric Louie" <elouie at yahoo.com>
> Cc: <cisco-nsp at puck.nether.net>
> Sent: Wednesday, March 16, 2005 5:42 PM
> Subject: Re: [c-nsp] help with one-armed routing
> 
> > Eric Louie wrote:
> > | Hi folks
> > | I have a configuration that I need help with
> > |
> > | Here is the scenario -
> > | router with 2 fast ethernet interfaces, and one serial interface
> > | default route is out the serial interface
> > | the 1st fast ethernet interface is enabled
> > | the 2nd fast ethernet interface is shutdown
> > |
> > | I want to use the 2nd fast ethernet interface as a one-armed router,
> > | independent of the rest of the router.  It cannot allow any traffic to pass
> > | through, it can only bounce traffic.
> > |
> > | Here are the conditions for that 2nd fast ethernet interface:
> > | if the source IP is 192.168.151.0 /24 then route it - if it is not that,
> > | then drop it.
> > |
> > | if the destination IP is 192.158.55.0.0 / 24 then send it to 192.168.151.254
> > |
> > | otherwise, send the traffic to 192.69.151.1
> > |
> > | Anyone game to help me with this configuration?
> > |
> >
> > Should be easily accomplished with Policy Based Routing.  See
> >
> > http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800c75d2.html#wp1001052
> >
> > - --
> > =========
> > bep
> >
> >
> 
>
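
Added example, not part of the original thread: a Python check that reads a config like the VRF-lite one suggested above and reports static routes that would break the isolation, either by resolving the next hop in the global table or by pointing at a next hop that is not on a subnet of an interface in the VRF. It assumes full keyword forms (`interface` rather than `int fas`), one-space indentation inside stanzas, and IP-address next hops only; `LEAKY_CONFIG` is a constructed line for illustration.

```python
import ipaddress
import re

# Config from the message above with keywords expanded.
PAGE_CONFIG = """\
ip vrf onefiveone
 rd 0:0
interface FastEthernet0/1
 ip vrf forwarding onefiveone
 ip address 192.168.151.128 255.255.255.0
ip route vrf onefiveone 192.158.55.0 255.255.255.0 192.168.151.254
ip route vrf onefiveone 0.0.0.0 0.0.0.0 192.168.151.1
"""
# Constructed: the trailing "global" keyword resolves the next hop outside the VRF.
LEAKY_CONFIG = PAGE_CONFIG + "ip route vrf onefiveone 10.0.0.0 255.0.0.0 10.1.1.1 global\n"

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"


def audit_vrf(config, vrf):
    """Return findings for static routes in `vrf` that break its isolation."""
    connected, findings = [], []
    in_vrf = False
    for line in config.splitlines():
        text = line.strip()
        if not line.startswith(" "):
            in_vrf = False  # a new top-level stanza begins
        if text == f"ip vrf forwarding {vrf}":
            in_vrf = True
        m = re.fullmatch(rf"ip address {IPV4} {IPV4}", text)
        if m and in_vrf:
            # Subnet directly connected to an interface bound to the VRF.
            connected.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
    route = re.compile(rf"ip route vrf {re.escape(vrf)} {IPV4} {IPV4} {IPV4}( global)?")
    for line in config.splitlines():
        m = route.fullmatch(line.strip())
        if not m:
            continue  # other route forms (interface next hop, tags) are not checked
        prefix, hop = f"{m[1]} {m[2]}", m[3]
        if m[4]:
            findings.append(f"{prefix}: next hop {hop} resolved in global table")
        elif not any(ipaddress.ip_address(hop) in net for net in connected):
            findings.append(f"{prefix}: next hop {hop} not on a {vrf} interface subnet")
    return findings
```

On the router itself, `show ip route vrf onefiveone` gives the equivalent view of what the VRF can reach.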
