[nsp] Filter based forwarding
james
hackerwacker at cybermesa.com
Tue Nov 4 15:14:11 EST 2003
Policy based routing allows one to match whatever you
can with an extended ACL and apply a policy to it:
!
route-map nachi-worm permit 10
match ip address 191
match length 92 92
! 192.168.1.1 goes to null on my nets, you could just set this statement to the null interface itself
set ip next-hop 192.168.1.1
!
access-list 191 remark Nachi-worm ethernet
access-list 191 permit icmp any any echo
access-list 191 permit icmp any any echo-reply
!
CMCS_gwy#config t
Enter configuration commands, one per line. End with CNTL/Z.
CMCS_gwy(config)#interface FastEthernet0/0
CMCS_gwy(config-if)#ip policy route-map nachi-worm
Beware of doing the above (dropping 92 byte pings) on some 75xx series,
as it also drops 92 byte TCP. Nasty week of debugging this, till I discovered
one of our providers was doing this. I tested on 7206's and we saw no problems
and used this policy for a while on my network (on 7200's) with no problems.
James Edwards
Routing and Security Administrator
jamesh at cybermesa.com
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
505-988-9200 SIP:1(747)669-1965
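
Added example, not part of the original post: a small Python model of how the route-map above is meant to classify packets (ACL 191 and the length match must both hold), next to a length-only evaluation that would produce the 92-byte TCP drops reported on some 75xx. The helper names, the sample packets and the length-only model are assumptions made for illustration.

```python
import struct

ICMP, TCP = 1, 6
ECHO_REPLY, ECHO = 0, 8
DIVERT = "next-hop 192.168.1.1"
NORMAL = "normal routing"

def build_ipv4(proto, payload):
    """Constructed test packet: 20-byte IPv4 header (no options) + payload."""
    total = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload

def acl_191(pkt):
    """access-list 191: permit icmp any any echo / echo-reply."""
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
    if pkt[9] != ICMP or len(pkt) < ihl + 1:
        return False
    return pkt[ihl] in (ECHO, ECHO_REPLY)  # first ICMP byte is the type

def match_length(pkt, lo=92, hi=92):
    """match length 92 92: compare the Layer 3 (IP total) length."""
    total = struct.unpack("!H", pkt[2:4])[0]
    return lo <= total <= hi

def policy_action(pkt):
    """Intended behaviour: both match clauses must hold before 'set' applies."""
    return DIVERT if acl_191(pkt) and match_length(pkt) else NORMAL

def length_only_action(pkt):
    """Assumed model of the reported fault: the length alone decides."""
    return DIVERT if match_length(pkt) else NORMAL

# Constructed samples (not captured traffic).
icmp_hdr = bytes([ECHO, 0, 0, 0, 0, 1, 0, 1])
echo_92 = build_ipv4(ICMP, icmp_hdr + b"\xaa" * 64)  # 20 + 8 + 64 = 92 bytes
echo_84 = build_ipv4(ICMP, icmp_hdr + b"\x00" * 56)  # 84-byte ping
tcp_92 = build_ipv4(TCP, b"\x00" * 72)               # 92-byte TCP packet

if __name__ == "__main__":
    for name, p in [("echo_92", echo_92), ("echo_84", echo_84), ("tcp_92", tcp_92)]:
        print(f"{name}: policy={policy_action(p)} | length-only={length_only_action(p)}")
```

Replaying a 92-byte TCP packet through the policy interface and confirming it still arrives is the quick check for the platform problem described in the post.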