Cisco filter question
Paul A. Bradford
paul.bradford at adelphia.com
Fri Aug 22 17:09:23 UTC 2003
Geo,
OK, time for me to get coffee.... I missed the "not stop".
It might not stop a packet if the route-map isn't applied to the
interface.....
Pablo
On Fri, 2003-08-22 at 12:58, Paul A. Bradford wrote:
> Geo,
> Not sure if I want to answer. Is this OT for NANOG? :)
>
> the key is:
>
> IP: Total Length = 92 (0x5C)
>
> Normal ICMP packets are not 92 bytes in length.... our friend Nachi does
> use 92 byte packets.
>
> BTW: good luck trying the route-map on 2948G-L3s... ;)
>
> Thanks,
> Paul
>
>
> On Fri, 2003-08-22 at 12:55, Jack Bates wrote:
> > Scott McGrath wrote:
> >
> > >
> > > Geo,
> > >
> > > Look at your set interface Null0 command the rest is correct
> > > you want to set the next hop to be Null0. How to do this is left as an
> > > exercise for the reader.
> > >
> >
> > Interface Null0 works fine. Here's a quick check.
> >
> > Inbound (from peers) policy matches
> > route-map nachi-worm, permit, sequence 10
> > Match clauses:
> > ip address (access-lists): 199
> > length 92 92
> > Set clauses:
> > interface Null0
> > Policy routing matches: 10921 packets, 1048416 bytes
> >
> > Outbound (to internal network) accesslist matches
> > Extended IP access list 181
> > deny tcp any any eq 135 (1994 matches)
> > permit icmp any any echo (757 matches)
> > permit icmp any any echo-reply (381 matches)
> > permit ip any any (381370 matches)
> >
> > I cleared 181 first, then cleared route-map counters. I then checked
> > route-map counters first before checking access-list counters. This
> > means the access-list has more time to accrue matches yet it is
> > considerably smaller. The checks were a matter of seconds. I'd say the
> > policy is working. The echo/echo-reply could easily be everyday pings
> > which are up a bit due to various networks having performance issues.
> >
> > IOS Versioning can sometimes have issues. There's also the question of
> > if the packet came in the inbound interface that had the policy applied.
> >
> > -Jack
--
Paul A Bradford
Senior Network Engineer
Adelphia Cable Communications
814-274-1353
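
The match discussed in this thread (ICMP with IP Total Length = 92) can be checked offline against raw packets. This is an added example, not part of the original messages or any Cisco code: the contents of access list 199 are not shown in the thread, so matching ICMP echo and echo-reply is an assumption, and the function names and sample packets are constructed for illustration.

```python
import struct

NACHI_TOTAL_LENGTH = 92      # "IP: Total Length = 92 (0x5C)" from the thread
ICMP_PROTO = 1
ICMP_TYPES = {8, 0}          # echo, echo-reply (assumed content of ACL 199)

def build_packet(total_length, proto=ICMP_PROTO, icmp_type=8):
    """Constructed sample: 20-byte IPv4 header + 8-byte ICMP header + padding.
    Checksums are left at zero because the filter below does not verify them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
    payload = b"\xaa" * max(0, total_length - len(ip) - len(icmp))
    return ip + icmp + payload

def matches_policy(packet):
    """Emulate the route-map match: ACL (ICMP echo/echo-reply) AND length 92 92."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                          # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4              # header length; options shift ICMP
    if ihl < 20 or len(packet) < ihl + 1:
        return False
    total_length = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != ICMP_PROTO or packet[ihl] not in ICMP_TYPES:
        return False
    return total_length == NACHI_TOTAL_LENGTH

def classify(packets):
    """Return (policy_matches, passed_on), analogous to the two counters compared
    in the thread: route-map matches versus what reaches the outbound ACL."""
    hits = sum(1 for p in packets if matches_policy(p))
    return hits, len(packets) - hits

if __name__ == "__main__":
    sample = [build_packet(92),               # 92-byte echo: matches
              build_packet(84),               # 84-byte echo: passes
              build_packet(92, proto=6),      # 92-byte TCP: passes
              build_packet(92, icmp_type=0)]  # 92-byte echo-reply: matches
    print(classify(sample))
```

As the replies point out, a match like this only takes effect on traffic arriving on the interface where the policy is applied.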