North American Network Operators Group


Re: Cisco filter question

  • From: Paul A. Bradford
  • Date: Fri Aug 22 13:13:45 2003

Geo,
   Not sure if I want to answer. Is this OT for NANOG?  :)

   The key is:

IP: Total Length = 92 (0x5C)

Normal ICMP packets are not 92 bytes in length.... Our friend Nachi does
use 92-byte packets.

BTW: good luck trying the route-map on 2948G-L3s...  ;)

Thanks,
Paul


On Fri, 2003-08-22 at 12:55, Jack Bates wrote:
> Scott McGrath wrote:
> 
> > 
> > Geo,
> > 
> > Look at your set interface Null0 command the rest is correct
> > you want to set the next hop to be Null0.  How to do this is left as an 
> > exercise for the reader.
> > 
> 
> Interface Null0 works fine. Here's a quick check.
> 
> Inbound (from peers) policy matches
> route-map nachi-worm, permit, sequence 10
>    Match clauses:
>      ip address (access-lists): 199
>      length 92 92
>    Set clauses:
>      interface Null0
>    Policy routing matches: 10921 packets, 1048416 bytes
> 
> Outbound (to internal network) accesslist matches
> Extended IP access list 181
>      deny tcp any any eq 135 (1994 matches)
>      permit icmp any any echo (757 matches)
>      permit icmp any any echo-reply (381 matches)
>      permit ip any any (381370 matches)
> 
> I cleared 181 first, then cleared route-map counters. I then checked 
> route-map counters first before checking access-list counters. This 
> means the access-list has more time to accrue matches yet it is 
> considerably smaller. The checks were a matter of seconds. I'd say the 
> policy is working. The echo/echo-reply could easily be everyday pings 
> which are up a bit due to various networks having performance issues.
> 
> IOS Versioning can sometimes have issues. There's also the question of 
> if the packet came in the inbound interface that had the policy applied.
> 
> -Jack
-- 
Paul A Bradford
Senior Network Engineer
Adelphia Cable Communications
814-274-1353
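The length check the thread turns on, as an added example written for this archive page (not code from either poster or from Cisco): a small Python model of what the route-map's `match length 92 92` plus the ICMP access-list does to a packet, run over constructed sample pings. It assumes access-list 199 matches ICMP echo (the thread never shows its contents), and the 64-byte zero payload is a constructed stand-in, not the worm's real data.

```python
import struct

ICMP_PROTO = 1
ICMP_ECHO = 8
NACHI_TOTAL_LEN = 92  # the "IP: Total Length = 92 (0x5C)" signature from the thread


def build_icmp_echo(payload: bytes) -> bytes:
    """Constructed sample: minimal IPv4 header + ICMP echo request (checksums left zero)."""
    total_len = 20 + 8 + len(payload)  # IP header + ICMP header + data
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, ICMP_PROTO, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    icmp_hdr = struct.pack("!BBHHH", ICMP_ECHO, 0, 0, 1, 1)
    return ip_hdr + icmp_hdr + payload


def policy_matches(pkt: bytes) -> bool:
    """Mirror the route-map: ACL 199 (assumed: ICMP echo) AND IP total length exactly 92."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]  # the field Paul points at
    if pkt[9] != ICMP_PROTO or len(pkt) < ihl + 8:
        return False
    return pkt[ihl] == ICMP_ECHO and total_len == NACHI_TOTAL_LEN


def apply_policy(packets):
    """Return (packets, bytes) that would hit the 'Policy routing matches' counter."""
    matched = [p for p in packets if policy_matches(p)]
    return len(matched), sum(len(p) for p in matched)


# Constructed traffic mix: two everyday pings and one packet of the filtered size.
SAMPLE_PACKETS = [
    build_icmp_echo(b"\x00" * 56),  # 84 bytes: default Linux ping
    build_icmp_echo(b"a" * 32),     # 60 bytes: default Windows ping
    build_icmp_echo(b"\x00" * 64),  # 92 bytes: the only one the route-map sends to Null0
]

if __name__ == "__main__":
    print("Policy routing matches: %d packets, %d bytes" % apply_policy(SAMPLE_PACKETS))
```

Only the 92-byte packet is policy-routed; the ordinary 84- and 60-byte pings fall through to the normal access-list, which is why Jack's echo/echo-reply counters keep climbing while the route-map counter stays small.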