I don't know if I have understood your scenario properly. But based on your description it looks like you also have one ip address from the office network in the router. Now as u correctly said it's a normal behavior and if you want to stop this u have two options.
1. Put the office vlan interface in a different VRF (Virtual Routing Forwarding) instance - Incase you don't need an Internet access out of this Office. For Intranet depending on your number of prefix you can do a route leaking. 2. Use ACL to block traffic from Office LAN segment to management segment. Let me know if it answers your question. Thanks & Regards, Jyotirmay Samanta. Network Engineering Google Inc. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernd Ueberbacher Sent: Wednesday, June 06, 2007 3:17 PM To: cisco-nsp Subject: [c-nsp] Disable some routing Hi there! I've got a bit of a strange question... I have a small Cisco Router with some VLANs and a Catalyst behind. If I connect one office to the switch in a seperate VLAN with an official IP address, the person can reach everything, but in my case (or the general case?) a bit too much. One VLAN on the switch and the Router is for management, with 10.0.0.0/24, but as the router is doing what it is supposed to do, he routes everything for this network, as the router also has an IP in this network. A person in the office can now ping, telnet, ... into my management network. If I remove the IP address from the routers VLAN, the problem is "solved", but not the way I want it to be solved *G* I hope you understand my problem, because it's somehow hard to explain and even harder to search for in google ;-) Thanks and have a nice day, Bernd _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/