[c-nsp] ISIS routing

Saku Ytti saku at ytti.fi
Mon Nov 26 07:39:04 EST 2012


On (2012-11-26 12:20 +0000), Nick Hilliard wrote:

> yeah but these packets will be summarily dropped by your router unless you
> have an isis-enabled interface facing towards a third party which can
> actually punt them up to the rp.  So unless you have a misconfiguration,
> this isn't going to be a problem in practice?  Or does the pfc3/trio punt
> them even if you don't have isis configured on an interface?

No. They are punted always in PFC3 and Trio, even in pure L3 interface. And
in neither platform you can create L2 ACL on L3 interface.
So only solution is to make all interfaces L2 interfaces and put L3 in
SVI/IRB, then you can use L2 ACL to protect the router.

-- 
  ++ytti


More information about the cisco-nsp mailing list