Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Shun Interface

When shunning, how is the interface decided?

show shun

shun (outside) 1.1.1.1 0.0.0.0 0 0 0

shun (inside) 2.2.2.2 0.0.0.0 0 0 0

I believe both IP addresses should be shunned on the outside interface.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Shun Interface

As per my understanding

The decision order is as follows

1. Static NAT entry

All static entries are checked to see if there is an entry with the global IP as the shunned IP. If there is then the actual shunned IP would be the local IP and the interface would be the local interface.

2. check the global addresses in the xlate and same process as above

3. If there is still no match, then a route lookup to figure out the source interface for this address and apply the shun to the interface returned by the route lookup.

Syed Iftekhar Ahmed

2 REPLIES

Re: Shun Interface

As per my understanding

The decision order is as follows

1. Static NAT entry

All static entries are checked to see if there is an entry with the global IP as the shunned IP. If there is then the actual shunned IP would be the local IP and the interface would be the local interface.

2. check the global addresses in the xlate and same process as above

3. If there is still no match, then a route lookup to figure out the source interface for this address and apply the shun to the interface returned by the route lookup.

Syed Iftekhar Ahmed

New Member

Re: Shun Interface

Thanks. I found a static entry that should have been a class C but instead referenced a class B.

138
Views
0
Helpful
2
Replies