North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco filter question

  • From: Jack Bates
  • Date: Fri Aug 22 12:58:12 2003 
Scott McGrath wrote:

Geo,

Look at your set interface Null0 command the rest is correct
you want to set the next hop to be Null0. How to do this is left as an exercise for the reader.

Interface Null0 works fine. Here's a quick check.

Inbound (from peers) policy matches
route-map nachi-worm, permit, sequence 10
Match clauses:
ip address (access-lists): 199
length 92 92
Set clauses:
interface Null0
Policy routing matches: 10921 packets, 1048416 bytes

Outbound (to internal network) accesslist matches
Extended IP access list 181
deny tcp any any eq 135 (1994 matches)
permit icmp any any echo (757 matches)
permit icmp any any echo-reply (381 matches)
permit ip any any (381370 matches)

I cleared 181 first, then cleared route-map counters. I then checked route-map counters first before checking access-list counters. This means the access-list has more time to accrue maches yet it is considerably smaller. The checks were a matter of seconds. I'd say the policy is working. The echo/echo-reply could easily be everyday pings which are up abit due to various networks having performance issues.

IOS Versioning can sometimes have issues. There's also the question of if the packet came in the inbound interface that had the policy applied.

-Jack