Prevent route broadcast out specific port

I'm in the process of building a mock of our network at work. I'm wanting to make sure that the mock network doesn't broadcast itself to the rest of the prod network, but I'd like internet access to the equipment. Is there a way to prevent the main lab router from sending it's networks out of a specific port?

Not sure if I'm wording this correctly....or could I simply use a different eigrp #?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Ivanjam

@jaredmalcolm - did you mean this?Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 - EIGRP Commands [Cisco IOS Software Releases 12.2 Mainline] - Cisco Systems

Mrock4

access-list 1 deny 10.0.0.0 0.255.255.255 <

Route you want to filter out of advertisements
access-list 1 permit any
!
router eigrp 10
!
distribute-list 1 out s0/0 (or other interface)

Ensure you include the "permit any" if you aren't using a distribute-list already- if you don't include the permit any you'll deny ALL routes via implicit deny.

DCD

You could use the passive interface command.

Mrock4

DCD wrote: »

You could use the passive interface command.

It sounds like (I have no idea for sure) he wants EIGRP to advertise this network to a portion of the network (which implies he needs it advertised), but doesn't want it out only one segment- and if he's running EIGRP in that segment, that causes an issue with using the passive-interface command.

iamme4eva

jaredmalcolm wrote: »

I'm wanting to make sure that the mock network doesn't broadcast itself to the rest of the prod network, but I'd like internet access to the equipment.

If you want to use the internet through your production network, then your production network will have to have routes to/from your test network, otherwise it can't be used as transit. A passive interface will stop a neighbor relationship forming on a specific interface, and the distribute lists mentioned above will filter out advertisements. But if you intend to transit through your production network to get to / from the internet then you need a route through it, in both directions and at every hop.

theodoxa

iamme4eva wrote: »

If you want to use the internet through your production network, then your production network will have to have routes to/from your test network, otherwise it can't be used as transit. A passive interface will stop a neighbor relationship forming on a specific interface, and the distribute lists mentioned above will filter out advertisements. But if you intend to transit through your production network to get to / from the internet then you need a route through it, in both directions and at every hop.

There is another option. Use NAT. He could use EIGRP, OSPF, or [God forbid] RIP internally on his mock network and just configure the interface facing his production network using the passive-interface command. Configure NAT to translate between addresses on his mock network and one (PAT) or more (SNAT, DNAT) addresses on his production network.