[c-nsp] IP Options Drop
Saku Ytti
saku at ytti.fi
Mon Apr 21 12:26:58 EDT 2014
On (2014-04-21 17:09 +0100), Phil Mayers wrote:
> Can you expand on this? Currently you can either do "platform rate-limit"
> for IP options or disable the RL and use the built-in / magic CPP class-map:
As ACL match work, you could do it in iACL and then you're only left with own
customers attacking you.
Mind you, I don't run PFC4. But amongst things I'm missing in PFC3 ACL
classification are packet size and IP options, both should be available in
PFC4.
--
++ytti
More information about the cisco-nsp
mailing list