[c-nsp] Is there anyway to adjust the administrative distance for 'connected'?

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Feb 18 07:03:26 EST 2008


Hi,
> On Feb 15, 2008 2:27 AM, Drew Weaver <drew.weaver at thenap.com> wrote:
> > I'm trying to make it impossible for hosts who are 'blackholed' to even send traffic to their 'default gateway' or hosts who are connected to the same 'distribution' switch that the blackholed host is connected to. The Blackhole routes have an administrative distance of 1 currently and as we all know normally 'connected networks' have an AD of 0.

sounds like private vlans, switchport protected and a bit of dynamic
arp inspection and dhcp snooping.  couple that with a block of
ACLs on the router VLAN config et voila. they are isolated...but
then able to see your captive portal message, virus update server
or whatever.

alan
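
An added Cisco IOS configuration sketch of the layer-2 isolation suggested in the reply above (not part of the original post). It assumes VLAN 100 is a dedicated quarantine VLAN; the interface names, ACL name and all addresses are constructed placeholders. Private VLANs are an alternative to `switchport protected` and are not shown.

```cisco
! Constructed values: VLAN 100 (assumed quarantine VLAN), interface names,
! 192.0.2.0/24 host subnet, 198.51.100.10 as the captive portal.
!
! DHCP snooping builds the IP/MAC/port binding table that
! dynamic ARP inspection validates ARP packets against.
ip dhcp snooping
ip dhcp snooping vlan 100
ip arp inspection vlan 100
!
! Uplink toward the router and DHCP server: trusted for both features.
interface GigabitEthernet0/1
 description uplink (trusted)
 ip dhcp snooping trust
 ip arp inspection trust
!
! Host-facing port: untrusted by default. Protected ports on the same
! switch cannot exchange traffic with each other at layer 2.
interface GigabitEthernet0/10
 description quarantined host port
 switchport mode access
 switchport access vlan 100
 switchport protected
 ip dhcp snooping limit rate 10
!
! Inbound ACL on the routed VLAN interface. It is evaluated for traffic
! addressed to the gateway itself as well as for transit traffic, so
! hosts can obtain a lease and reach the portal and nothing else.
ip access-list extended QUARANTINE-IN
 remark DHCP client to server
 permit udp any eq bootpc any eq bootps
 remark captive portal only
 permit tcp any host 198.51.100.10 eq www
 deny   ip any any log
!
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
 ip access-group QUARANTINE-IN in
```

`show ip dhcp snooping binding` and `show ip arp inspection vlan 100` confirm that bindings exist and that invalid ARP packets are being dropped.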

