Options

Prevent route broadcast out specific port

jaredmalcolmjaredmalcolm Registered Users Posts: 2 ■□□□□□□□□□
in CCNA & CCENT
I'm in the process of building a mock of our network at work. I'm wanting to make sure that the mock network doesn't broadcast itself to the rest of the prod network, but I'd like internet access to the equipment. Is there a way to prevent the main lab router from sending it's networks out of a specific port?

Not sure if I'm wording this correctly....or could I simply use a different eigrp #?
· Share on FacebookShare on Twitter

Comments

  • Options
    IvanjamIvanjam Member Posts: 978 ■■■■□□□□□□
    @jaredmalcolm - did you mean this?Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 - EIGRP Commands  [Cisco IOS Software Releases 12.2 Mainline] - Cisco Systems
    Fall 2014: Start MA in Mathematics [X]
    Fall 2016: Start PhD in Mathematics [X]
    · Share on FacebookShare on Twitter
  • Options
    Mrock4Mrock4 Banned Posts: 2,359 ■■■■■■■■□□
    access-list 1 deny 10.0.0.0 0.255.255.255 <
    Route you want to filter out of advertisements
    access-list 1 permit any
    !
    router eigrp 10
    !
    distribute-list 1 out s0/0 (or other interface)

    Ensure you include the "permit any" if you aren't using a distribute-list already- if you don't include the permit any you'll deny ALL routes via implicit deny.
    · Share on FacebookShare on Twitter
  • Options
    DCDDCD Member Posts: 473 ■■■■□□□□□□
    You could use the passive interface command.
    · Share on FacebookShare on Twitter
  • Options
    Mrock4Mrock4 Banned Posts: 2,359 ■■■■■■■■□□
    DCD wrote: »
    You could use the passive interface command.

    It sounds like (I have no idea for sure) he wants EIGRP to advertise this network to a portion of the network (which implies he needs it advertised), but doesn't want it out only one segment- and if he's running EIGRP in that segment, that causes an issue with using the passive-interface command.
    · Share on FacebookShare on Twitter
  • Options
    iamme4evaiamme4eva Member Posts: 272
    jaredmalcolm wrote: »
    I'm wanting to make sure that the mock network doesn't broadcast itself to the rest of the prod network, but I'd like internet access to the equipment.


    If you want to use the internet through your production network, then your production network will have to have routes to/from your test network, otherwise it can't be used as transit. A passive interface will stop a neighbor relationship forming on a specific interface, and the distribute lists mentioned above will filter out advertisements. But if you intend to transit through your production network to get to / from the internet then you need a route through it, in both directions and at every hop.
    Current objective: CCNA Security
    My blog: mybraindump.co.uk
    · Share on FacebookShare on Twitter
  • Options
    theodoxatheodoxa Member Posts: 1,340 ■■■■□□□□□□
    iamme4eva wrote: »
    If you want to use the internet through your production network, then your production network will have to have routes to/from your test network, otherwise it can't be used as transit. A passive interface will stop a neighbor relationship forming on a specific interface, and the distribute lists mentioned above will filter out advertisements. But if you intend to transit through your production network to get to / from the internet then you need a route through it, in both directions and at every hop.

    There is another option. Use NAT. He could use EIGRP, OSPF, or [God forbid] RIP internally on his mock network and just configure the interface facing his production network using the passive-interface command. Configure NAT to translate between addresses on his mock network and one (PAT) or more (SNAT, DNAT) addresses on his production network.
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
    · Share on FacebookShare on Twitter
Sign In or Register to comment.