Re: Routing

Shahideachattil · ‎05-05-2022

I have to communicte site 1 to site 5 without communicate ospf domain.So i got solution by using gre tunnel from r2 to r5.but i have problem with r2.I have configured ospf and eigrp route in r2. I didnt want to communicte 141.88.83.36 & 37 as per my requirement

Flavio Miranda · ‎05-05-2022

It is PacketTracer? In case it is, attached the zipped file here.

paul driver · ‎05-05-2022

Hello

Duplicate post here

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Shahideachattil · ‎05-05-2022

i got the solution from you.but it hasn't finshed yet.I had another requirement

>R2 should not be ping 143.88.83.36

143.88.83.37

balaji.bandi · ‎05-05-2022

If you Looking R2 should not ping then you need to add ACL for those IP in deny list

https://community.cisco.com/t5/networking-documents/access-control-lists-acl-explained/ta-p/4182349#:~:text=Cisco%20ACLs%20are%20characterized%20by,a%20Cisco%20interface%20per%20protocol.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Shahideachattil · ‎05-05-2022

I configured gre tunnel with eigrp route from site 1 to site 5.but r2 router has eigrp route and ospf route also.so r2 router is my site 1 router so i didnt want to ping to r3 router.I only need tunnel to communicate site 5.but if i block the network with access-list mean time tunnel interface down

Joseph W. Doherty · ‎05-06-2022

I believe the problem is, you don't understand your requirements (laugh, unclear to me) and/or they are not possible.

Regarding R2 ping R3, again, it should (normally) be able to do this.

By default, if R2 pings R3, it will use the interface in site 7's IP which R3 "knows" and will reply to. However, if you extended ping, using R2's site 1 interface's IP, the ping will be sent to R3, but R3 shouldn't, by default, be able to reply, as it wouldn't "know" where to send the ping reply.

If you used VRFs, as I mentioned in my other thread reply, to use ping, it would be tied to a VRF, so, for example, the interface IPs, on both the site 1 and site 7 interfaces, would not be "known", together. I.e. they would only be known in one VRF or the other.

MHM Cisco World · ‎05-05-2022

R2 if have GRE tunnel then need
ip route TUNNEL destination toward R3 <- this only routing in R2

this make R2 UP GRE tunnel and can not ping other than tunnel destination in R3.

check this solution.

sivared0001 · ‎05-06-2022

see the topology i am supposed to ping from site 1 and site 5 each other without giving any route from site 7 and also not supposed to change anything in topology

is there any other way to make communication between site 1 and site 5

Joseph W. Doherty · ‎05-05-2022

So your additional requirement is R2 should be blocked from sending ping requests to .36 and .37? If so, as others have posted, and ACL might be used.

BTW, do you know why you have such a requirement? (As it's "natural" that R2 should be able to ping other IPs within its L3 topology.)

sivared0001 · ‎05-06-2022

did you find to communicate site-1 and site-2 eachother without going through site-7

paul driver · ‎05-06-2022

Hello

R2
conf t
ip access-list extended NO-ICMP
deny icmp host 144.88.83.37 any echo
deny icmp host 144.88.83.37 any echo-reply
deny icmp host 144.88.83.36 any echo
deny icmp host 144.88.83.36 any echo-reply
permit ip any any

int eth2/0
ip access-group NO-ICMP IN

Note: R3 would still be able to ping via it connected interface, if you wish for this to be denied also just amend the above acl to incorporate host 143.88.83.4.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul