[c-nsp] Disable some routing

[Jyotirmay Samanta]

I don't know if I have understood your scenario properly. But based on your
description it looks like you also have one ip address from the office
network in the router. Now as u correctly said it's a normal behavior and if
you want to stop this u have two options.

1. Put the office vlan interface in a different VRF (Virtual Routing
Forwarding) instance - Incase you don't need an Internet access out of this
Office. For Intranet depending on your number of prefix you can do a route
leaking.
2. Use ACL to block traffic from Office LAN segment to management segment.

Let me know if it answers your question.


Thanks & Regards,
Jyotirmay Samanta.
Network Engineering
Google Inc.


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bernd Ueberbacher
Sent: Wednesday, June 06, 2007 3:17 PM
To: cisco-nsp
Subject: [c-nsp] Disable some routing

Hi there!

I've got a bit of a strange question...
I have a small Cisco Router with some VLANs and a Catalyst behind. If I
connect one office to the switch in a seperate VLAN with an official IP
address, the person can reach everything, but in my case (or the general
case?) a bit too much. One VLAN on the switch and the Router is for
management, with 10.0.0.0/24, but as the router is doing what it is
supposed to do, he routes everything for this network, as the router
also has an IP in this network. A person in the office can now ping,
telnet, ... into my management network. If I remove the IP address from
the routers VLAN, the problem is "solved", but not the way I want it to
be solved *G* 

I hope you understand my problem, because it's somehow hard to explain
and even harder to search for in google ;-)


Thanks and have a nice day,
Bernd



_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/