[nsp] Filter based forwarding

james hackerwacker at cybermesa.com
Tue Nov 4 15:14:11 EST 2003

Policy based routing allows one the match whatever you
can with an extended ACL and apply a policy to it:

route-map nachi-worm permit 10
 match ip address 191
 match length 92 92
 set ip next-hop ( goes to null on my nets, you could just set this statement to the null interface itself)
access-list 191 remark Nachi-worm ethernet
access-list 191 permit icmp any any echo
access-list 191 permit icmp any any echo-reply
CMCS_gwy#config t
Enter configuration commands, one per line.  End with CNTL/Z.
CMCS_gwy(config)#interface FastEthernet0/0
CMCS_gwy(config-if)#ip policy route-map nachi-worm
Beware of doing the above (dropping 92 byte pings) on some 75xx series,
as it also drops 92 byte TCP. Nasty week of debugging this, till I discovered
one of our providers was doing this. I tested on 7206's and we saw no problems
and used this policy for a while on my network (on 7200's) with no problems.

James Edwards
Routing and Security Administrator
jamesh at cybermesa.com
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
505-988-9200 SIP:1(747)669-1965

More information about the cisco-nsp mailing list