Am I being thick?

Am I being thick?

Post by Steve Ra » Thu, 21 Dec 2006 06:08:11


Guys

I'd appreciate a bit of help please

I have a large network, all cisco, all EIGRP, no reason or need to change

I have 2 core sites both running in a hub and spoke and both connected
together

On all the spoke sites or satellite sites I want to stop traffic going to
the other satellite and opposing core sites

I have a 20 bit network (FWIW)

One satellite site has an IP range 10.6.95.0/20

I want to stop all traffic getting to any

10.2.0.0 /20
10.3.0.0 /20
10.4.0.0 /20
10.5.0.0 /20

I created a set of access lists and applied them onto the S0/0 interface of
the router, a basic deny anything to the above nets and it works

I want to move away from ACLs to route statements on some satellite centres,
why?, cus I want to. Well it is my network

So on my 10.6.95.0 network I:

o Log onto a local server and start a ping to an IP address on a 10.2.0.0
network
o Create a default route to route all traffic to S0/0
o Create a route for 10.2.0.0 255.255.0.0 null0
o Remove the EIGRP network
o Watch the pings continue

Why does my traffic continue to get thru ?

In anticipation


---------
We don't stop playing because we get old
We get old because we stop playing
 
 
 

Am I being thick?

Post by Bod4 » Thu, 21 Dec 2006 23:34:09


This is one of the cornerstones of IP routing.

More specific routes are /always/ preferred over less specific
ones.

10.2.0.0 255.255.0.0 null0

is less specific than

10.2.0.0 /20

If there are equally specific then the administrative distance
is used to determine which one goes in the routing table.

The order then is:

- Prefix length
- Within a routing protocol - cost
- Between Routing protocols - admin dist.

 
 
 

Am I being thick?

Post by Bod4 » Thu, 21 Dec 2006 23:35:37


I noticed just too late that I had not
answered your question.

"Am I being thick?"

Yes:-)