Jennifer,

From everything I've read and understand, the null route is a tool that is
used for various routing decisions, one of them not being a static route to
a physical network.  Note: All traffic directed to the null interface is
dropped.  The results observed by Chuck L fall right in line with all the
documentation I've been reading and the lab examples I've followed.

Nigel..


----- Original Message -----
From: Chuck Larrieu <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, December 17, 2000 8:19 PM
Subject: RE: interface null 0 and access list restrictions


> Jennifer, the question intrigued me enough to want to try a Q&D lab. I was
> originally going to suggest RFC 1812 ( which I just finished browsing ) but
> I could locate the section that I thought might have been relevant. I
> believe, though, that the practices laid out in 1812 require that a router
> generate the appropriate ICMP message unless some other requirement
> precludes this.
>
> For example, for security reasons one might want to suppress certain
> information being returned, so one would configure things to mask that
> information. So one might return an ICMP message of "destination
> unreachable" or "network unreachable" rather than "administratively
> prohibited" ( which message might serve as hacker bait )
>
> In any case, I constructed a lab using three routers, and placing a static
> route on router_3 to a particular target network as being null0
> IP route 199.107.5.0 255.255.255.0 null0
>
> When all routing was correctly configured, from router_1 I pinged to target
> address. The response on router_1 was U.U.U.U etc
>
> A debug ip icmp on router_3 showed that a host unreachable was being
> generated and returned to router_1
>
> I am not sure how to test routing to the entire network. Generally, in the
> practice labs I have done, the null0 route shows up as a part of route
> aggregation.
>
> Now in re-reading your question, I am not sure I understand what it is you
> are trying to get to.
>
> Also, in #2, I'm not sure I understand what you mean when you say that
> "routing updates do not include denied traffic on inbound interfaces but
> they do on outbound" I'm a bit confused about the relationship between
> routing updates and denied traffic. Do you have an example or two you can
> provide that might clarify this for me?
>
> Thanks.
>
> Chuck
>
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> jennifer cribbs
> Sent: Saturday, December 16, 2000 10:25 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: interface null 0 and access list restrictions
>
> I have two questions:
>
> 1--  I realize the command that prevents a router from forwarding data
> to a remote network without generating an ICMP msg is interface null 0...and
> if that is so, what does come back.  Does it come back as timed-out??
>
> Different subject:
>
> 2--  First, in considering routing updates and network congestion....Since
> routing updates do not include denied traffic on inbound interfaces but they
> do on outbound, why wasn't inbound considered or made the default to help
> alleviate that same congestion on denied traffic?.....  Wouldn't that make
> more sense?
>
>
> Thank you,
> Jennifer Cribbs
> re: [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
