-2

I have our Cisco 2600 configured as far as IP addresses go but not being that familiar with IOS I'm having some issues creating a route between the two networks.

I need to only route data on port 47808. I want the router to block all other traffic. This needs to be a true routing and not just bridging the two networks.

I've tried lots of different things so the config might have some "anomalies" so adding here. My current running config:

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
ip subnet-zero
ip domain-name software
!
ip cef
ip audit notify log
ip audit po max-events 100
cns event-service server
!
process-max-time 200
!
interface FastEthernet0/0
 ip address 10.222.51.235 255.255.252.0
 no ip directed-broadcast
 no ip mroute-cache
 speed 100
 full-duplex
 no mop enabled
 bridge-group 1
!
interface Serial0/0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
 no fair-queue
!
interface FastEthernet0/1
 ip address 10.222.52.254 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 speed 100
 no mop enabled
 bridge-group 1
!
router igrp 1
 redistribute connected
 network 10.0.0.0
!
ip classless
ip default-network 255.255.255.255
ip forward-protocol spanning-tree any-local-broadcast
ip forward-protocol turbo-flood
ip forward-protocol udp 47808
ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
bridge 1 protocol dec
bridge 1 address 0010.0222.0051 forward FastEthernet0/1
bridge 1 address 0010.0222.0053 forward FastEthernet0/1

I'm open to all suggestions in getting this cleaned up and working properly.

Jason Templeman

1 Answer

0

The router automatically creates a connected route for each network you configure on an interface so routing is not an issue between the two networks on this router. To make sure traffic from one network is routed to the other network, you need to make sure that traffic is routed to this router in the first place. If this router is not the default gateway for either network you will need to add a static route on the default gateway for each network.

On the default gateway for 10.222.48.0/22 you need to add the following route.

ip route 10.222.52.0 255.255.255.0 10.222.51.235

On the default gateway for 10.222.52.0/24 you need to add the following route.

ip route 10.222.48.0 255.255.252.0 10.222.52.254

If you want to limit the traffic to one tcp port only you need to apply an extended access-list to the interfaces. Since this is a very old router it might not support extended access-lists so this might not work. Example access list:

ip access-list extended allow47808
 permit tcp any any eq 47808
 deny   ip any any

Then you need to apply the access list to the interfaces

int fa0/0
 ip access-group allow47808 in
 ip access-group allow47808 out
int fa0/1
 ip access-group allow47808 in
 ip access-group allow47808 out

If you do all this you will most likely only get one-way traffic since the reply to the tcp request will be on a different port and will be blocked. You will also not be able to connect to the router through telnet or ssh since the access list blocks that traffic also; you will need to connect to it through console. Given the information you supply this is the best I can do.
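The one-way behaviour described in the answer above can be checked with a small first-match ACL model. This is an added example, not code from the original post: the `Rule`/`Packet` types, the sample packets and the `SYMMETRIC` variant (which also matches 47808 as a source port, for tcp and udp) are constructed assumptions.

```python
# Added example: first-match evaluation of an IOS-style extended ACL.
# Rule tuples and packet values are constructed for illustration.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str      # "tcp" or "udp"
    sport: int
    dport: int

class Rule(NamedTuple):
    action: str             # "permit" or "deny"
    proto: str              # "tcp", "udp" or "ip" (any protocol)
    sport: Optional[int]    # None = any source port
    dport: Optional[int]    # None = any destination port

def acl_permits(acl, pkt):
    """Return True if the first matching rule permits pkt (implicit deny at end)."""
    for r in acl:
        if r.proto not in ("ip", pkt.proto):
            continue
        if r.sport is not None and r.sport != pkt.sport:
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action == "permit"
    return False

def forwarded(acl, pkt):
    """The same ACL is applied 'in' and 'out' on both interfaces, so a routed
    packet is checked on ingress and again on egress."""
    return acl_permits(acl, pkt) and acl_permits(acl, pkt)

# The answer's ACL: permit tcp any any eq 47808 / deny ip any any
ALLOW47808 = [Rule("permit", "tcp", None, 47808), Rule("deny", "ip", None, None)]

# Hypothetical variant: also match the port as *source*, for tcp and udp
SYMMETRIC = [
    Rule("permit", "tcp", None, 47808), Rule("permit", "tcp", 47808, None),
    Rule("permit", "udp", None, 47808), Rule("permit", "udp", 47808, None),
    Rule("deny", "ip", None, None),
]

request = Packet("tcp", 50123, 47808)      # client -> service
reply = Packet("tcp", 47808, 50123)        # service -> client (blocked by ALLOW47808)
udp_dgram = Packet("udp", 47808, 47808)    # udp, as in 'ip forward-protocol udp 47808'
telnet = Packet("tcp", 50124, 23)          # unrelated traffic, dropped by both ACLs
```

Source-port matching is stateless: under `SYMMETRIC`, any packet sent from port 47808 is forwarded regardless of its destination port, so the "block all other traffic" requirement only holds for hosts that cannot choose their source port.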