Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

how to deny a network that is directly connected to me !!

hi ,,

i have a  topology shown below :

<====Gi0/1==Router 1 ==Gi0/2============>Swith=======router 2 ======internet

                                                                      |

                                                                      |

                                                                      |

                                                  server with ip 10.160.150.100/24

on router R1 interface Gi0/2 has  the ip 10.160.150.1/24

now i want to  prevent  the server from beign reached from interface Gi0/1 and allow the others .

on  Router 1 ,  i did a route to null0 but it still can be reached .

##ip route 10.160.150.100 255.255.255.255 null 0

but it still can be reached because the AD of static route is 1 and the diretly connected is 0

this mean that R1 wil  always forward the packets to netx hop Gi0/2

another solution but afraid to do it ,

i can use access list  and match the server and apply it to interface , but the router cpu will get high because on interface Gi0/2 thousands of clients are being serviced , and i think if i add acl to that interface , it will down my router .

as wt about finding a soution about my 1st scenario or any thing better ??

regards ,

Ahmd

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: how to deny a network that is directly connected to me !!

Hi Ahmed,

i wouldn't be afraid of a si mple access-list applied on the g0/1 :

ip access-list 101 deny ip 192.168.10.0 (LAN) host 10.160.150.100

ip access-list 101 permit ip any any

interface g0/1

ip access-group 101 in

end

wr

!

Take Care

Alessio

      

PS: i would actually deny the entire subnet 10.160.150.0/xx if you can

2 REPLIES

Re: how to deny a network that is directly connected to me !!

Hi Ahmed,

i wouldn't be afraid of a si mple access-list applied on the g0/1 :

ip access-list 101 deny ip 192.168.10.0 (LAN) host 10.160.150.100

ip access-list 101 permit ip any any

interface g0/1

ip access-group 101 in

end

wr

!

Take Care

Alessio

      

PS: i would actually deny the entire subnet 10.160.150.0/xx if you can

Community Member

Re: how to deny a network that is directly connected to me !!

thanks ,

i will try and give u a reply

regards

425
Views
0
Helpful
2
Replies
CreatePlease to create content