Hello, I have a switch with some VMs hanging off of it. I want to isolate VLAN 888, which is to be used for malware, so I therefore want it isolated, BUT I want it to be able to access the Internet to download malware etc.
I have set up VRF on interface VLAN888 and given it an IP address, 18.104.22.168.
I just want hosts on 20.0.0.x to be able to get to the internet, download malware, surf the net, etc. I do not want this subnet talking to anything but the gateway. I am trying to limit my exposure from malware (I am doing malware analysis). I have several other VLANs which I have taken out of this config for this post.
If I don't use the GLOBAL keyword at the end of the ip route vrf red 0.0.0.0 0.0.0.0 10.10.10.1 global command then it will simply not work at all.
However, it IS "working" configured like this, but I can ping other subnets within the switch. I would have thought, without the global command, that this would have worked and everything is sweet and that vrf red would know about the gateway. The gateway also has a route pointing back to 22.214.171.124 255.0.0.0 10.10.10.2
Is this correct? Not correct? Any tips? Thanks - Geoff
Routing Table: red
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

C    126.96.36.199/8 is directly connected, Vlan888
S*   0.0.0.0/0 [1/0] via 10.10.10.1

interface Vlan500
 ip address 192.168.6.1 255.255.255.0
 ip helper-address 192.168.3.19
 ip accounting output-packets
 ip accounting access-violations
!
!
interface Vlan800
 description Firewall-Gateway_VLAN
 ip address 10.10.10.2 255.255.255.252
!
interface Vlan888
 description MALWARE
 ip vrf forwarding red
 ip address 188.8.131.52 255.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1 (gateway to internet)
ip route 184.108.40.206 255.0.0.0 Vlan888
ip route vrf red 0.0.0.0 0.0.0.0 10.10.10.1 global
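
Added example, not part of the original post: a Python check that lists the static routes in a config like the one above that cross the VRF boundary, namely a VRF route ending in `global` (next hop resolved in the global table) and a global-table route whose exit interface belongs to a VRF. The sample config is a constructed copy of the posted lines, and the function names are hypothetical.

```python
import re

# Constructed sample: interface and static-route lines copied from the post.
SAMPLE_CONFIG = """\
interface Vlan800
 ip address 10.10.10.2 255.255.255.252
!
interface Vlan888
 ip vrf forwarding red
 ip address 188.8.131.52 255.0.0.0
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 184.108.40.206 255.0.0.0 Vlan888
ip route vrf red 0.0.0.0 0.0.0.0 10.10.10.1 global
"""

def vrf_interfaces(config):
    """Map interface name -> VRF name for interfaces with 'ip vrf forwarding'."""
    members, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+ip vrf forwarding\s+(\S+)", line)
        if m and current:
            members[current] = m.group(1)
    return members

def find_route_leaks(config):
    """Return (direction, vrf, route_line) for statics that cross the VRF boundary."""
    members = {k.lower(): v for k, v in vrf_interfaces(config).items()}
    leaks = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] != ["ip", "route"]:
            continue
        if len(tokens) > 3 and tokens[2] == "vrf":
            if tokens[-1] == "global":  # next hop resolved in the global table
                leaks.append(("vrf->global", tokens[3], line.strip()))
        else:
            # Global-table static whose exit interface is a VRF member.
            for tok in tokens[4:]:
                if tok.lower() in members:
                    leaks.append(("global->vrf", members[tok.lower()], line.strip()))
    return leaks

if __name__ == "__main__":
    print(*find_route_leaks(SAMPLE_CONFIG), sep="\n")
```

Each reported line is a point where traffic can move between VRF red and the global table, so those are the routes to review when the VLAN is meant to reach only its gateway.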