RE: Deny traffic from router itself

From: Geert Nijs (geert.nijs@simac.be)
Date: Wed Jan 25 2006 - 17:46:09 GMT-3

• Next message: Greg Gombas: "RE: IE LAB 7 Task 4.6 OSPF"
• Previous message: Scott Smith: "IEWB V3 Lab 2 Multicast"
• Maybe in reply to: Popgeorgiev Nikolay: "Deny traffic from router itself"
• Next in thread: Ramiro Garza: "Re: Deny traffic from router itself"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You can influence packets generated by the router itself using

ip local policy route-map

see
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/
fiprrp_r/ind_r/1rfindp1.htm#wp1017871

Try to redirect some traffic to Null interface, will drop , prevent,
these packets

Geert
CCIE #13729

-----Oorspronkelijk bericht-----
Van: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Namens Nick
Verzonden: vrijdag 20 januari 2006 15:08
Aan: ccielab@groupstudy.com
Onderwerp: Re: Deny traffic from router itself

Hi!

I'm afraid there is no way to filter the packets the router itself
generates.

Refer to the following;

"Access lists filter only traffic going through the router. They do not
filter traffic originating from the router."
   (ICND v2.1(Official Course Book) P.4-27)

HTH

Nick

----- Original Message -----
From: "Gustavo Novais" <gustavo.novais@novabase.pt>
To: "Popgeorgiev Nikolay" <nikolay.popgeorgiev@siemens.com>;
<ccielab@groupstudy.com>
Sent: Friday, January 20, 2006 10:40 PM
Subject: RE: Deny traffic from router itself

> You can try an access-class out, on the line vty's. that will limit
> the destinations to where you may telnet.
>
> Gustavo Novais
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Popgeorgiev Nikolay
> Sent: sexta-feira, 20 de Janeiro de 2006 12:59
> To: ccielab@groupstudy.com
> Subject: Deny traffic from router itself
>
> Hello people,
>
> I have a question is it possible with a ACL to deny packets from a
> router itself.For example I want to stop a user connected to the
> router from making telnet to another router ? But not with transport
> output command on the line interface, and without a route-map
>
>
> thanks !
>
> best,
> Nick
>
> ______________________________________________________________________
> _
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Greg Gombas: "RE: IE LAB 7 Task 4.6 OSPF"
• Previous message: Scott Smith: "IEWB V3 Lab 2 Multicast"
• Maybe in reply to: Popgeorgiev Nikolay: "Deny traffic from router itself"
• Next in thread: Ramiro Garza: "Re: Deny traffic from router itself"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Feb 01 2006 - 07:45:50 GMT-3