How to turn off auto-routing between interfaces in the same router? Is there any command for that?

In router on a stick, I face a problem: when I create two sub-interfaces with two different networks, each for a specified VLAN, the devices in those VLANs can see each other, although they are in different VLANs and subnets.

I don't know why. If those devices are in different VLANs, they can't see each other even if they are in the same IP subnet, so why here, with different subnets for each VLAN, do they see each other?!

I think it is related to the automatic routing that the router does by default for its interfaces.

Thanks in advance to anyone that can help me.

The same result in both Packet Tracer and GNS3!!


5 Replies 5

Jon Marshall
Hall of Fame

 

Routers will automatically route between connected interfaces with an IP address, so you are right in what you say.

If you want to restrict the traffic between the subnets you can use ACLs on the interfaces.

Or if you don’t want any traffic between the subnets, don’t configure routing on a stick.

 

Jon

Deepak Kumar
VIP Alumni

Hi,

A router is an L3 device and routing is enabled by default, so you can see each other. If you really want to block the communication, then configure a standard or extended ACL.

Regards,

Deepak Kumar

If the original poster wants to keep the VLANs separated, another alternative might be to use VRF lite. We do not know what the original poster is attempting to achieve and that makes it difficult to give good advice. Perhaps the original poster can provide some clarification about what they are attempting to achieve?

HTH

Rick

Although the suggestions to use ACLs to block traffic between VLANs will work, Rick's mention of using VRF, by default, essentially allows building the equivalent of virtual L3 topologies (much as VLANs do for L2).

A router, by default, will still "auto-route" between connected networks that belong to the same VRF, but it won't "auto-route" between networks in different VRFs.
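The VRF-lite alternative mentioned in the replies above, sketched for this router-on-a-stick setup as an added example (not configuration from any poster in the thread). The VRF names, the rd values, the 10.0.0.0/24 subnet for VLAN 10 and the .1 gateway addresses are assumptions; 11.0.0.0/24 for VLAN 20 follows the subnet used in the ACL reply in this thread.

```cisco
! Added example: one VRF per VLAN, so each sub-interface's connected
! route lives in its own routing table. VRF names, rd values and the
! VLAN 10 addressing are assumed for illustration.
ip vrf VLAN10
 rd 65000:10
!
ip vrf VLAN20
 rd 65000:20
!
interface FastEthernet0/0
 no shutdown
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ! Assign the VRF first: "ip vrf forwarding" removes any IP address
 ! already configured on the interface.
 ip vrf forwarding VLAN10
 ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding VLAN20
 ip address 11.0.0.1 255.255.255.0
!
! Verification from exec mode:
!   show ip vrf interfaces       (each sub-interface listed under its VRF)
!   show ip route vrf VLAN10     (only 10.0.0.0/24 as connected)
!   show ip route vrf VLAN20     (only 11.0.0.0/24 as connected)
!   ping vrf VLAN10 11.0.0.1     (fails: VLAN10 has no route to VLAN 20)
```

With both sub-interfaces in VRFs, neither subnet appears in the global routing table, so any path that must serve both VLANs (a shared uplink, for example) needs its own per-VRF interface or explicit route leaking.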

gwinn.joe
Level 1

We're not sure if you're trying to accomplish something specific or just looking for an explanation of why the VLANs get routed when connected to the router.

The router will route to any network that it is directly connected to or knows about in its routing table; there's not a specific command to "turn off auto-routing" unless you turn routing off globally. That's what they are designed to do. Before multilayer switches came around, the router on a stick was the only way to have inter-VLAN communication. In your GNS3 diagram, the multilayer switches would be capable of inter-VLAN routing also. To control that traffic, you'll need to use access control lists. For your scenario, to stop VLANs 10 and 20 from being routed between each other, an ACL would need to be put on the sub-interfaces on the router. They would look something like this:

 

Router-1

    ! Standard ACL 10: matches on source address only
    ip access-list standard 10
     deny 11.0.0.0 0.0.0.255
     permit any
    !
    ! sub-interface for VLAN 10
    interface fa0/0.10
     ! "out" filters packets the router forwards onto VLAN 10
     ip access-group 10 out

That list would block VLAN 20 traffic from being routed into the VLAN 10 sub-interface but still allow both VLANs to be routed elsewhere.
