The null interface is the "bit bucket" or "black hole" interface. All traffic sent to this interface is discarded. It is most useful for filtering unwanted traffic, because you can discard traffic simply by routing it to the null interface. You could achieve the same goal using access lists, but access lists require more CPU overhead. If you have fairly simple filtering requirements, it may be more effective to route the offending traffic to the null interface.
There can be only one null interface (null0), and it is always configured. This interface accepts only one configuration command, no ip unreachables. All other commands for this interface are ignored.
interface null 0
 no ip unreachables
In Figure 5-2, we have networks 10.10.1.0, 10.10.2.0, and 10.10.3.0 (networks 1, 2, and 3). To keep users on network 2 (10.10.2.0) from reaching network 3 (10.10.3.0), we can add a static route on Router 2 that sends all traffic destined for 10.10.3.0 to the null interface. With this route, any traffic destined for the 10.10.3.0 network from the 10.10.2.0 network is automatically discarded.
Figure 5-2. Filtering with a null interface
Here's the configuration command that creates the static route:
ip route 10.10.3.0 255.255.255.0 null0
The null0 interface is often used as part of a security strategy. Pointing unwanted routes to the null0 interface is a good way of stopping undesirable traffic. You can also use null0 to prevent routing loops when using summarized addresses.
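The summarized-address case can be traced with a small longest-prefix-match simulation. This is an added example, not from the original text; the two-router topology (an "edge" router that advertises the summary 10.10.0.0/16 to an "upstream" router and points its default route back at it), the unused subnet 10.10.9.0, and all function names are assumptions made for illustration.

```python
import ipaddress

def build(routes):
    """Turn {"prefix": next_hop} into (network, next_hop) pairs."""
    return [(ipaddress.ip_network(p), hop) for p, hop in routes.items()]

def lookup(table, dst):
    """Longest-prefix match: the most specific route covering dst wins."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in table if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(routers, start, dst, ttl=16):
    """Follow a packet hop by hop; return (outcome, hops_taken)."""
    here, hops = start, 0
    while ttl > 0:
        hop = lookup(routers[here], dst)
        if hop is None:
            return ("no route at " + here, hops)
        if hop == "Null0":
            return ("discarded at " + here, hops)
        if hop == "connected":
            return ("delivered by " + here, hops)
        here, hops, ttl = hop, hops + 1, ttl - 1
    return ("ttl expired (loop)", hops)

# Constructed topology: "edge" owns the three /24s, advertises the summary
# 10.10.0.0/16 to "upstream", and uses upstream as its default route.
UPSTREAM = {"10.10.0.0/16": "edge"}
EDGE = {"10.10.1.0/24": "connected", "10.10.2.0/24": "connected",
        "10.10.3.0/24": "connected", "0.0.0.0/0": "upstream"}

LOOPING = {"upstream": build(UPSTREAM), "edge": build(EDGE)}
# Same edge router plus: ip route 10.10.0.0 255.255.0.0 null0
FIXED = {"upstream": build(UPSTREAM),
         "edge": build({**EDGE, "10.10.0.0/16": "Null0"})}

if __name__ == "__main__":
    for name, net in (("without null route", LOOPING), ("with null route", FIXED)):
        print(name, forward(net, "upstream", "10.10.9.1"),
              forward(net, "upstream", "10.10.3.5"))
```

Without the summary route to null0, a packet for the unused subnet bounces between the two routers until its TTL runs out; with it, the edge router discards the packet on arrival, while traffic to the real /24 networks still matches the more specific routes.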