Jennifer, the question intrigued me enough to want to try a Q&D lab. I was
originally going to suggest RFC 1812 (which I just finished browsing) but
I could locate the section that I thought might have been relevant. I
believe, though, that the practices laid out in 1812 require that a router
generate the appropriate ICMP message unless some other requirement
precludes this.

For example, for security reasons one might want to suppress certain
information being returned, so one would configure things to mask that
information. So one might return an ICMP message of "destination
unreachable" or "network unreachable" rather than "administratively
prohibited" (which message might serve as hacker bait).

In any case, I constructed a lab using three routers, and placing a static
route on router_3 to a particular target network as being null0:

    ip route 199.107.5.0 255.255.255.0 null0

When all routing was correctly configured, from router_1 I pinged the target
address. The response on router_1 was U.U.U.U etc.

A debug ip icmp on router_3 showed that a host unreachable was being
generated and returned to router_1.

I am not sure how to test routing to the entire network. Generally, in the
practice labs I have done, the null0 route shows up as a part of route
aggregation.

Now in re-reading your question, I am not sure I understand what it is you
are trying to get to.

Also, in #2, I'm not sure I understand what you mean when you say that
"routing updates do not include denied traffic on inbound interfaces but
they do on outbound". I'm a bit confused about the relationship between
routing updates and denied traffic. Do you have an example or two you can
provide that might clarify this for me?

Thanks.

Chuck





-----Original Message-----
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
jennifer cribbs
Sent:   Saturday, December 16, 2000 10:25 PM
To:     [EMAIL PROTECTED]
Cc:     [EMAIL PROTECTED]
Subject:        interface null 0 and access list restrictions

I have two questions:

1--  I realize the command that prevents a router from forwarding data
to a remote network without generating an ICMP msg is interface null 0...and
if that is so, what does come back.  Does it come back as timed-out??

Different subject:

2--  First, in considering routing updates and network congestion....Since
routing updates do not include denied traffic on inbound interfaces but they
do on outbound, why wasn't inbound considered or made the default to help
alleviate that same congestion on denied traffic?.....  Wouldn't that make
more sense?


Thank you,
Jennifer Cribbs
re: [EMAIL PROTECTED]

_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
