Re: Protecting default gateway ip address

From: P729 (p729@xxxxxxx)
Date: Fri Aug 09 2002 - 21:13:12 GMT-3

• Next message: yakout esmat: "CCIE #9893"
• Previous message: Ludwig Morales: "Router 4 Sell"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
 "...but does the first packet still need to be processed switched?"

Not with CEF. If there's a route to the destination in the routing table,
there's a corresponding entry in the FIB, so all packets to that destination
are fast-switched, even the first one.

Regards,

Mas Kato
https://ecardfile.com/id/mkato
----- Original Message -----
From: "Colin Barber" <Colin.Barber@telewest.co.uk>
To: <ccielab@groupstudy.com>
Sent: Friday, August 09, 2002 12:22 PM
Subject: OT: Protecting default gateway ip address

Hi Guys,

Sorry for the OT. Today at work some bright spark got the ip address and
default gateway the wrong way round on a Unix box in our data centre and
took down the whole subnet; just 200 systems and 8000 users not able to
communicate!

Has anybody got any ideas on the best way to protect the default gateway ip
address from misconfiguration? The device is a 300 port 6509 with the
default gateway being the internal MSFCs. The only way I can thing of is
using native IOS on the cat and applying an input access list denying the
source ip address of the default gateway on all 300 Ethernet ports. I know
the MSFCs can wire-speed route ip and standard and extended access lists but
does the first packet still need to be processed switched? Whatever solution
I use it cannot affect performance of the router, switch or the clients.

Regards,
Colin

----------------------------------------------------------------------------

--
Live Life in Broadband
www.telewest.co.uk
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.
Statements and opinions expressed in this e-mail may not represent those of
the company. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender immediately and delete the material
from any computer.
============================================================================
==

• Next message: yakout esmat: "CCIE #9893"
• Previous message: Ludwig Morales: "Router 4 Sell"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:22 GMT-3