Prevent route broadcast out specific port

jaredmalcolmjaredmalcolm Registered Users Posts: 2 ■□□□□□□□□□
I'm in the process of building a mock of our network at work. I'm wanting to make sure that the mock network doesn't broadcast itself to the rest of the prod network, but I'd like internet access to the equipment. Is there a way to prevent the main lab router from sending it's networks out of a specific port?

Not sure if I'm wording this correctly....or could I simply use a different eigrp #?

Comments

  • IvanjamIvanjam Member Posts: 978 ■■■■□□□□□□
  • Mrock4Mrock4 Banned Posts: 2,359 ■■■■■■■■□□
    access-list 1 deny 10.0.0.0 0.255.255.255 <
    Route you want to filter out of advertisements
    access-list 1 permit any
    !
    router eigrp 10
    !
    distribute-list 1 out s0/0 (or other interface)

    Ensure you include the "permit any" if you aren't using a distribute-list already- if you don't include the permit any you'll deny ALL routes via implicit deny.
  • DCDDCD Member Posts: 475 ■■■■□□□□□□
    You could use the passive interface command.
  • Mrock4Mrock4 Banned Posts: 2,359 ■■■■■■■■□□
    DCD wrote: »
    You could use the passive interface command.

    It sounds like (I have no idea for sure) he wants EIGRP to advertise this network to a portion of the network (which implies he needs it advertised), but doesn't want it out only one segment- and if he's running EIGRP in that segment, that causes an issue with using the passive-interface command.
  • iamme4evaiamme4eva Member Posts: 272
    I'm wanting to make sure that the mock network doesn't broadcast itself to the rest of the prod network, but I'd like internet access to the equipment.


    If you want to use the internet through your production network, then your production network will have to have routes to/from your test network, otherwise it can't be used as transit. A passive interface will stop a neighbor relationship forming on a specific interface, and the distribute lists mentioned above will filter out advertisements. But if you intend to transit through your production network to get to / from the internet then you need a route through it, in both directions and at every hop.
    Current objective: CCNA Security
    My blog: mybraindump.co.uk
  • theodoxatheodoxa Member Posts: 1,340 ■■■■□□□□□□
    iamme4eva wrote: »
    If you want to use the internet through your production network, then your production network will have to have routes to/from your test network, otherwise it can't be used as transit. A passive interface will stop a neighbor relationship forming on a specific interface, and the distribute lists mentioned above will filter out advertisements. But if you intend to transit through your production network to get to / from the internet then you need a route through it, in both directions and at every hop.

    There is another option. Use NAT. He could use EIGRP, OSPF, or [God forbid] RIP internally on his mock network and just configure the interface facing his production network using the passive-interface command. Configure NAT to translate between addresses on his mock network and one (PAT) or more (SNAT, DNAT) addresses on his production network.
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
Sign In or Register to comment.