Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
cco
New Member

Accessing a Directly Connected Network

Is it possible to exclude a directly connected network on a router from the routing table? In other words; lets suppose that a router has an interface in network X, is it possible to prevent access to network X from any other network without using ACLs? For example, by making network X not routable (removing it from the routing table). Is that practically possible?

Thanks

3 REPLIES

Re: Accessing a Directly Connected Network

I am not entirely clear why you would want to do this, but normally you could do it with an access-list.

You could shut down the router interface on that network, but I guess thta is not what you are after.

If you are talking about a layer-3 switch, then simply delete the VLAN interface. That will leave you with the layer-2 still working, but with no routing into or out of it. That is, hosts on the VLAN could still communicate with each other, but not with any other VLAN.

Is it that you want the router just to act as a host on that network? If that is the case, then I cannot thonk of a way of doing it. What I usually do in that case is to find a layer-3 switch on my network that is only operating in layer-2 mode, i.e. with routing disabled, and configure a VLAN interface on that.

Kevin Dorrell

Luxembourg

cco
New Member

Re: Accessing a Directly Connected Network

Thanks Kevin, well yes am talking about a layer3 switch that has vlan interfaces configured. The idea is that one of these VLAN interfaces is going to be used to manage the switch (Telnet or SSH). I want to be able to manage the switch from within the same management VLAN while denying management access from any other network. I was wondering if it's possible to do that without using ACLs on the management VLAN interface.

Re: Accessing a Directly Connected Network

Oh, I see! So you cannot simply delete the layer-3 VLAN interface, 'cos that would zap your management functions as well.

Sorry, apart from the access lists (in this case applied to the vty lines as well as the VLAN interface), I cannot think of a better way to do it. How about anyone else?

Kevin Dorrell

Luxembourg

248
Views
0
Helpful
3
Replies
CreatePlease to create content