|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Smurf tone down
> > 3) Can't manage it. Providers are understaffed with clueful people. > > Is this really that hard? > > access-list 175 permit icmp any any > int bleh/bleh > rate-limit input access-group 175 128000 8000 8000 conform-action transmit exceed-action drop > rate-limit output access-group 175 128000 8000 8000 conform-action transmit exceed-action drop I agree, the above isn't all that hard. However, I'd argue that the above is in some sense wrong. There's no need to put all ICMP traffic in the same basket; some ICMP traffic is required for e.g. path MTU discovery to work. So, instead I'd use access-list 175 permit icmp any any echo-reply But you all knew that already, right? ;-) - H�vard
|