Cisco filter question

• Previous message (by thread): Cisco filter question
• Next message (by thread): Cisco filter question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Geo,

The problem is simple. If you put in a single route-map entry 2 matchs
entries, it must match both of them to set the interface to Null0. If you'd
like to match all ICMP packets and also 92 lenght packets, try to do this:

route-map nachi-worm permit 10
 match ip address 199
 set interface Null0
!
route-map nachi-worm permit 10
 match length 92
 set interface Null0
!

Good luck, tell me how it works.
Luckas.-


-----Mensaje original-----
De: Geo. [mailto:georger at getinfo.net]
Enviado el: Viernes, 22 de Agosto de 2003 01:17 p.m.
Para: nanog at merit.edu
Asunto: Cisco filter question



Perhaps one of you router experts can answer this question. When using the
cisco specified filter

 access-list 199 permit icmp any any echo
    access-list 199 permit icmp any any echo-reply
       
    route-map nachi-worm permit 10
      ! --- match ICMP echo requests and replies (type 0 & 8) 
      match ip address 199
    
      ! --- match 92 bytes sized packets
      match length 92 92
 
      ! --- drop the packet
      set interface Null0
       
    
    interface <incoming-interface>
      ! --- it is recommended to disable unreachables
      no ip unreachables
 
      ! --- if not using CEF, enabling ip route-cache flow is recommended
      ip route-cache policy
 
      ! --- apply Policy Based Routing to the interface
      ip policy route-map nachi-worm 

why would it not stop this packet

• Previous message (by thread): Cisco filter question
• Next message (by thread): Cisco filter question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]