[QWE]

На Cisco WS-C4948E  на loopback поднят IP из сети /24.

Если запустить ping с сервера  и указать этот IP то Cisco как и положено (предсказуемо) отвечает с этого IP (src IP).

 

НО!  Если запустить ping с сервера   и указать сетевой (0 в последнем октете) или броадкастовый (255 в последнем октете)  ip сети которая на loopback то Cisco отвечает с IP vlan интерфейса через который прилетает icmp запрос, т.е. с другим IP адресом.

 

Как запретить в принципе отвечать на запросы к сетевым и широковещательным IP адресам сетей которые подняты на Cisco?

[jffulcrum]

Сначала тупая проверка: ip directed-broadcast не включён на интерфейсе?

[QWE]

#show ip interface Loopback0
Loopback0 is up, line protocol is up
  Internet address is 19.19.18.129/25
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1514 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Secondary address 19.19.19.1/24
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are never sent
  ICMP unreachables are never sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled

 

vlan интерфейс в котором сервер

 

#show ip interface vlan 90
Vlan90 is up, line protocol is up
  Internet address is 19.19.16.1/27
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1546 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are never sent
  ICMP unreachables are never sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: uRPF, MCI Check
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  IP verify source reachable-via RX, allow default
   0 verification drops
   0 suppressed verification drops
   0 verification drop-rate

 

[jffulcrum]

1 час назад, QWE сказал:

Proxy ARP is enabled

С умыслом включено?

[QWE]

'С умыслом включено? '

 

Отключил, не помогло