I have the topology shown below:
<====Gi0/1==Router 1 ==Gi0/2============>Switch=======router 2 ======internet
Server with IP 10.160.150.100/24
On router R1, interface Gi0/2 has the IP 10.160.150.1/24.
Now I want to prevent the server from being reached from interface Gi0/1 and allow the others.
On Router 1, I added a route to null0, but it can still be reached.
##ip route 10.160.150.100 255.255.255.255 null 0
But it can still be reached because the AD of a static route is 1 and that of a directly connected route is 0.
This means that R1 will always forward the packets to the next hop Gi0/2.
Another solution, but I am afraid to do it:
I can use an access list, match the server and apply it to the interface, but the router CPU will get high because thousands of clients are being serviced on interface Gi0/2, and I think if I add an ACL to that interface, it will bring down my router.
What about finding a solution for my first scenario, or anything better?
I wouldn't be afraid of a simple access-list applied on the g0/1:
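! 192.168.10.0 stands for the LAN behind Gi0/1; the 0.0.0.255 wildcard assumes it is a /24
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 10.160.150.100
access-list 101 permit ip any any
interface GigabitEthernet0/1
 ip access-group 101 in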
PS: I would actually deny the entire subnet 10.160.150.0/xx if you can.
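
The ACL suggested in the answer above, modeled in Python as an added example that is not part of the original thread: it applies first-match evaluation with wildcard masks and binds the list inbound on Gi0/1 only. The 192.168.10.0/24 LAN, the sample packets and all function names are assumptions made for illustration.

```python
import ipaddress

def _match(addr, spec):
    """Match an address against ('any',), ('host', ip) or (network, wildcard)."""
    if spec == ("any",):
        return True
    if spec[0] == "host":
        return addr == ipaddress.IPv4Address(spec[1])
    base = int(ipaddress.IPv4Address(spec[0]))
    # Wildcard mask: 1-bits are "don't care", so invert it to get the bits to compare.
    care = ~int(ipaddress.IPv4Address(spec[1])) & 0xFFFFFFFF
    return int(addr) & care == base & care

def parse_entry(line):
    """Parse '<permit|deny> ip <src> <dst>' into (action, src_spec, dst_spec)."""
    tok = line.split()
    action, rest = tok[0], tok[2:]
    specs = []
    while rest:
        n = 1 if rest[0] == "any" else 2
        specs.append(tuple(rest[:n]))
        rest = rest[n:]
    return action, specs[0], specs[1]

# Entries of access-list 101 (the /24 wildcard for the LAN is an assumption).
ACL_101 = [parse_entry(l) for l in (
    "deny ip 192.168.10.0 0.0.0.255 host 10.160.150.100",
    "permit ip any any",
)]

# "ip access-group 101 in" is configured under Gi0/1 only; Gi0/2 has no ACL.
BINDINGS = {("Gi0/1", "in"): ACL_101}

def inbound_verdict(in_if, src, dst):
    """Return (action, entries_checked) for a packet arriving on in_if."""
    acl = BINDINGS.get((in_if, "in"))
    if acl is None:
        return ("permit", 0)            # no ACL bound: nothing is evaluated
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for i, (action, src_spec, dst_spec) in enumerate(acl, 1):
        if _match(s, src_spec) and _match(d, dst_spec):
            return (action, i)          # first match wins
    return ("deny", len(acl))           # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Constructed sample packets: (ingress interface, source, destination)
    for pkt in [("Gi0/1", "192.168.10.25", "10.160.150.100"),
                ("Gi0/1", "192.168.10.25", "10.160.150.7"),
                ("Gi0/2", "10.160.150.50", "203.0.113.9"),
                ("Gi0/1", "192.168.11.25", "10.160.150.100")]:
        print(pkt, "->", inbound_verdict(*pkt))
```

Packets arriving on Gi0/2 are never checked against a list bound inbound on Gi0/1. The last sample shows that a source outside the matched LAN range entering Gi0/1 is still permitted to the server, so the source match has to cover every network behind that interface.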