Cisco filter question
Jack Bates
jbates at brightok.net
Fri Aug 22 16:55:47 UTC 2003
Scott McGrath wrote:
>
> Geo,
>
> Look at your set interface Null0 command the rest is correct
> you want to set the next hop to be Null0. How to do this is left as an
> exercise for the reader.
>
Interface Null0 works fine. Here's a quick check.
Inbound (from peers) policy matches
route-map nachi-worm, permit, sequence 10
Match clauses:
ip address (access-lists): 199
length 92 92
Set clauses:
interface Null0
Policy routing matches: 10921 packets, 1048416 bytes
Outbound (to internal network) accesslist matches
Extended IP access list 181
deny tcp any any eq 135 (1994 matches)
permit icmp any any echo (757 matches)
permit icmp any any echo-reply (381 matches)
permit ip any any (381370 matches)
I cleared 181 first, then cleared route-map counters. I then checked
route-map counters first before checking access-list counters. This
means the access-list has more time to accrue maches yet it is
considerably smaller. The checks were a matter of seconds. I'd say the
policy is working. The echo/echo-reply could easily be everyday pings
which are up abit due to various networks having performance issues.
IOS Versioning can sometimes have issues. There's also the question of
if the packet came in the inbound interface that had the policy applied.
-Jack
More information about the NANOG
mailing list