cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
502
Views
0
Helpful
2
Replies
Highlighted

how to deny a network that is directly connected to me !!

hi ,,

i have a  topology shown below :

<====Gi0/1==Router 1 ==Gi0/2============>Swith=======router 2 ======internet

                                                                      |

                                                                      |

                                                                      |

                                                  server with ip 10.160.150.100/24

on router R1 interface Gi0/2 has  the ip 10.160.150.1/24

now i want to  prevent  the server from beign reached from interface Gi0/1 and allow the others .

on  Router 1 ,  i did a route to null0 but it still can be reached .

##ip route 10.160.150.100 255.255.255.255 null 0

but it still can be reached because the AD of static route is 1 and the diretly connected is 0

this mean that R1 wil  always forward the packets to netx hop Gi0/2

another solution but afraid to do it ,

i can use access list  and match the server and apply it to interface , but the router cpu will get high because on interface Gi0/2 thousands of clients are being serviced , and i think if i add acl to that interface , it will down my router .

as wt about finding a soution about my 1st scenario or any thing better ??

regards ,

Ahmd

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Contributor

Hi Ahmed,

i wouldn't be afraid of a si mple access-list applied on the g0/1 :

ip access-list 101 deny ip 192.168.10.0 (LAN) host 10.160.150.100

ip access-list 101 permit ip any any

interface g0/1

ip access-group 101 in

end

wr

!

Take Care

Alessio

      

PS: i would actually deny the entire subnet 10.160.150.0/xx if you can

View solution in original post

2 REPLIES 2
Highlighted
Contributor

Hi Ahmed,

i wouldn't be afraid of a si mple access-list applied on the g0/1 :

ip access-list 101 deny ip 192.168.10.0 (LAN) host 10.160.150.100

ip access-list 101 permit ip any any

interface g0/1

ip access-group 101 in

end

wr

!

Take Care

Alessio

      

PS: i would actually deny the entire subnet 10.160.150.0/xx if you can

View solution in original post

Highlighted

thanks ,

i will try and give u a reply

regards

Content for Community-Ad