[c-nsp] Strange Arp Entries
Saku Ytti
saku at ytti.fi
Sat Aug 31 02:20:47 EDT 2013
On (2013-08-30 19:22 -0700), Randy wrote:
> +1 to Gert for pointing out that pointing a dest to an interface; when the media type boradcast is always a bad-idea.
Always is almost always a too strong word :)
We do this:
int customerX
ip address 192.0.1.0 255.255.255.254
!
ip route 192.0.1.1 255.255.255.255 customerX
Goals are
a) 192.0.1.1/32 CPE is reachable from INET
b) 192.0.1.0/32 PE is not reachable from INET, to reduce attack surface
--
++ytti
More information about the cisco-nsp
mailing list