I want to connect the LAN of an office to E0. I want to connect S0 to a private T-1 that comes to our office. S0 is the default route. I want the office on E0 to get their data through us. All routes are static.
Here's where it get's tricky. There are some services we can't provide, they belong on a LAN in the building that the office is in. I want to connect E1 to that LAN. I do not want the default route of S0 used or advertised to E1. In fact, I want anything advertised on that interface.
I know using firewall IOS and access-lists will prevent the E1 lan users from getting in, but will it stop broadcasts and route availability?
What kind of connectivity are you trying to achieve between the LAN on E1 and the LAN on E0? Just to make things a little clearer a router by default does not allow broadcasts to go through so even if you do not have access-lists broadcasts will still not be exchanged between the two LAN interfaces unless they are bridged. Since all routes are static you are not advertising routes out your LAN interfaces. I am assuming the users on E1 will have the default-gateway configured as the IP of the router's E1 interface; this will allow them to reach anywhere the router can reach unless the destination does not have a route back to E1. Using access-lists you can control what the users on E1 can and cannot access.
What I am trying to accomplish is to put this router on the network and not have it broadcast any type of message that it even exists. Basically I want it hidden from all the other routers and devices on the network. I only want specific users to be able to access this one router. It will be one or two users that will have to access the router.
What I do not want is for the router to try and link itself to other routers on the network which may cause some problems for the other routers on the network. In no way should this router announce itself at any time.
I think I am going to have to use access lists to control this - am I wrong?
Yes, you are wrong. It is actually much easier. Indeed, unless you explicitly turn on a routing protocol, there is no way any other devices on the LAN will know that your router is a router and not just another end system. However, it is also true that unless a box on that LAN is configured to send packets to your router, there is no way for traffic to get to the network behind your router. This means that users/devices on the network behind your router will only be able to reach specially configured devices on the front LAN.
If your users/devices on the network behind your router need to communicate without special programming (otherwise known as static routes) or with non-local systems, you will need to configure NAT on the router so that all packets look like they are originating from your router rather than from devices behind your router.
Hint: pretend you are setting up a stealth firewall to connect your private LAN to the Internet via an Ethernet connection. The concepts are identical, as are the limitations.
Good luck and have fun!
Vincent C Jones
Vincent is right in saying that unless you explicitly configure the router for a routing protocol it will not advertise itself to other devices on the network. If you want to make it completely invisible to most of the network devices then disable CDP on that interface and also configure access-lists to only allow specific users access via that interface and disallow the router to respond to any snmp queries or telnet requests. There might be things i have missed out on but this is to give you a general idea.