I created a seconday interface which is 212.12.12.0 and my primary interface is 192.68.0.0. I need to configure the hosts on 212.12.12.0 not to send broadcast or ping the 192.68.0.0 network. Do i need a access-list for this? Can someone show me a sample config? The interfaces are on my ethernet port. Would i be better off creating 2 vlans. I'm trying to seperate my unix boxes with my windows pc's. (212.12.12.0 unix) and (192.68.0.0 windows), thanks.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Secondary interface 1
- Thread starter UNIX72
- Start date
- Thread starter
- #3
-
1
- #4
You could definitly setup an ACL and group on the 192.68.0.0 network to deny any 212.12.12.0 network traffic e.g.Broadcast or ICMP. I will send you a sample config.
access-list 101 deny tcp 172.16.4.0
0.0.0.255 any eq
access-list 101 permit ip any any
(implicit deny any)
(access-list 101 deny ip 0.0.0.0
255.255.255.255
0.0.0.0 255.255.255.255)
interface ethernet 0
ip access-group 101 out
access-list 101 deny tcp 172.16.4.0
0.0.0.255 any eq
access-list 101 permit ip any any
(implicit deny any)
(access-list 101 deny ip 0.0.0.0
255.255.255.255
0.0.0.0 255.255.255.255)
interface ethernet 0
ip access-group 101 out
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question