09-03-2012 01:12 AM - edited 03-07-2019 08:39 AM
Hi,
I have the topology shown below:
<====Gi0/1==Router 1 ==Gi0/2============>Switch=======router 2 ======internet
|
|
|
server with ip 10.160.150.100/24
On router R1, interface Gi0/2 has the IP 10.160.150.1/24.
Now I want to prevent the server from being reached from interface Gi0/1 and allow the others.
On Router 1, I did a route to null0, but it can still be reached.
##ip route 10.160.150.100 255.255.255.255 null 0
But it can still be reached because the AD of a static route is 1 and the directly connected is 0.
This means that R1 will always forward the packets to the next hop Gi0/2.
Another solution, but I am afraid to do it:
I can use an access list that matches the server and apply it to the interface, but the router CPU will get high because thousands of clients are being serviced on interface Gi0/2, and I think if I add an ACL to that interface, it will bring down my router.
So what about finding a solution for my first scenario, or anything better?
Regards,
Ahmd
09-03-2012 08:02 AM
Hi Ahmed,
I wouldn't be afraid of a simple access-list applied on g0/1:
! 192.168.10.0 stands for the LAN behind g0/1; the 0.0.0.255 wildcard assumes a /24, adjust it to the real mask
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 10.160.150.100
access-list 101 permit ip any any
interface g0/1
ip access-group 101 in
end
wr
!
Take care
Alessio
PS: I would actually deny the entire subnet 10.160.150.0/xx if you can.
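An added example, not part of the original posts: a small first-match evaluator for the extended ACL in the reply above, which shows which sources arriving on Gi0/1 are actually blocked from the server. The /24 wildcard for the 192.168.10.0 LAN, the `any`-source variant, the sample source addresses and all function names are assumptions made for this illustration.

```python
import ipaddress

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines, keeping their order."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            raise ValueError(f"unsupported line: {line!r}")
        rest = tokens[4:]
        entries.append((tokens[2], parse_addr(rest), parse_addr(rest)))
    return entries

def matches(ip, spec):
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # a 1 bit in the wildcard means "ignore this bit"
    return (ip_int(ip) & care) == (addr & care)

def evaluate(entries, src_ip, dst_ip):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, src, dst in entries:
        if matches(src_ip, src) and matches(dst_ip, dst):
            return action
    return "deny"

# ACL from the reply. Assumption: the LAN behind Gi0/1 is 192.168.10.0/24.
ACL_LAN_ONLY = parse_acl("""
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 10.160.150.100
access-list 101 permit ip any any
""")
# Constructed variant: deny the server to every source arriving on Gi0/1.
ACL_ANY_SOURCE = parse_acl("""
access-list 101 deny ip any host 10.160.150.100
access-list 101 permit ip any any
""")

if __name__ == "__main__":
    server = "10.160.150.100"
    for src in ("192.168.10.25", "172.16.5.9"):  # constructed sample sources
        print(src, evaluate(ACL_LAN_ONLY, src, server), evaluate(ACL_ANY_SOURCE, src, server))
```

With the LAN-only entry, a source outside 192.168.10.0/24 that enters on Gi0/1 still reaches the server; the `any` variant closes that gap, and dropping the final `permit ip any any` line would deny all other traffic on the interface as well.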
09-03-2012 08:29 AM
Thanks,
I will try and give you a reply.
Regards