[c-nsp] PPPOE Filtering
Robert Blayzor
rblayzor at inoc.net
Tue Dec 12 20:25:58 EST 2006
Paul Stewart wrote:
> Hmm.... That's interesting and didn't think of that to be honest... The
> routed interface actually is a subinterface going towards a switch....
>
> How would I separate the traffic onto two subinterfaces? It's a 2621
> router and 2924 switch ...
I don't really think you can, since PPPoE is not at the IP layer, so
access-lists won't do you much good. However, maybe build the
access-list in reverse and permit the subnet of the radios/wireless gear
and deny everything else. We generally do this in VLAN's, but since you
cannot the best way IMHO would be to use another router interface, one
numbered, one not.... or maybe a separate router to just handle the
management subnet?
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: 0x66F90BFC @ http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720 292A 8580 500E 66F9 0BFC
(A)bort, (R)etry, (T)ake down entire network?
More information about the cisco-nsp
mailing list