I'd use MPP (Management Plane Protection) in this case:
control-plane host
management-interface f0/0 allow
HTH,
--
Piotr Matusiak
CCIE #19860 (R&S, Security)
Technical Instructor
website: www.MicronicsTraining.com
blog: www.ccie1.com

If you can't explain it simply, you don't understand it well enough - Albert Einstein

2010/7/6 Brian Landers <brian_at_bluecoat93.org>

> Working through a Security practice lab and I'm drawing a blank on this
> one.
>
> * enable access control on R4 to allow management access via the R4 gi0/1
>   interface only
>
> * management traffic to any other interfaces should be dropped
>
> * do not use interface access control list to achieve this task
>
> * do not use vty ACL to achieve this task
>
> R4 gi0/1 has a single host behind it (R3), which has a 0/0 route pointing to
> R4. So far, the only thing I'm coming up with is PBR to null route any
> traffic to interface IP's other than gi0/1, but without testing I'm not sure
> that will work to router-local traffic.
>
> B*
>
> --
> Brian C Landers
> http://www.packetslave.com/
> CCIE #23115

Received on Tue Jul 06 2010 - 15:22:34 ART
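An added example, not part of the original post or of any Cisco tooling: a small audit that reads a saved running-config and checks that the `control-plane host` section restricts management to the one expected interface, as the lab task requires. The sample config, the function names, the cleartext protocol list and the use of full interface names as they appear in a running-config are all assumptions made for illustration.

```python
import re

# Constructed sample running-config excerpt (not from the original post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.0.0.4 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 10.0.34.4 255.255.255.0
!
control-plane host
 management-interface GigabitEthernet0/1 allow ssh snmp
!
line vty 0 4
 transport input ssh
"""

MGMT_RE = re.compile(r"^\s+management-interface\s+(\S+)\s+allow\s+(.+?)\s*$")

def parse_mpp(config):
    """Return {interface: [protocols]} found under 'control-plane host'."""
    result, in_section = {}, False
    for line in config.splitlines():
        if not line.startswith(" "):
            # A top-level line either opens the section or closes it.
            in_section = line.strip() == "control-plane host"
            continue
        match = MGMT_RE.match(line) if in_section else None
        if match:
            result.setdefault(match.group(1), []).extend(match.group(2).split())
    return result

def audit_mpp(config, expected_if, cleartext=("telnet", "http", "ftp", "tftp")):
    """Return a list of findings; an empty list means the config passes."""
    mpp = parse_mpp(config)
    if not mpp:
        return ["MPP not configured: management accepted on every interface"]
    findings = []
    for ifname, protocols in mpp.items():
        if ifname != expected_if:
            findings.append(f"unexpected management interface {ifname}")
        for proto in protocols:
            if proto in cleartext:
                findings.append(f"cleartext protocol {proto} allowed on {ifname}")
    if expected_if not in mpp:
        findings.append(f"expected interface {expected_if} has no management-interface entry")
    return findings

if __name__ == "__main__":
    print(audit_mpp(SAMPLE_CONFIG, "GigabitEthernet0/1") or "MPP config OK")
```

On the router itself, `show management-interface` lists the interfaces and protocols MPP currently permits.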