[c-nsp] Blocking a Mac address at a router interface
Mark E. Mallett
mem at mv.mv.com
Thu Sep 23 15:15:23 EDT 2004
On Thu, Sep 23, 2004 at 03:09:16PM -0400, Rodney Dunn wrote:
> Good one..
I've done that in the past too, but it really seemed perverted :-)
mm
>
> On Thu, Sep 23, 2004 at 11:07:52AM -0700, ken lindahl wrote:
> > At 08:47 AM 9/23/2004, Gert Doering wrote:
> > >I've had that problem in the past (hosting customer being hacked, and
> > >(ab-)using lots of IP addresses that don't belong to that server).
> > >
> > >I have not been able to find a way to do what you want.
> > >
> > >Filtering by MAC address is possible in bridging mode, but does not seem
> > >to be possible in IP routing mode (on "router" platforms, at least).
> >
> > on 7500s, we've been able to do it using CAR:
> >
> > interface Ethernet4/0/0
> > ...
> > rate-limit input access-group rate-limit 100 8000 1500 2000 conform-action drop exceed-action drop
> > rate-limit output access-group rate-limit 100 8000 1500 2000 conform-action drop exceed-action drop
> > ...
> > access-list rate-limit 100 0060.08xx.xxxx
> >
> > ymmv
> >
> > ken
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Mark E. Mallett | http://www.mv.com/users/mem/
MV Communications, Inc. | http://www.mv.com/
NH Internet Access since 1991 | (603) 629-0000 / FAX: 629-0049