[c-nsp] ASR1k - Punt-Policing in conjunction with CoPP - aggregate and inbound policy to Control-plane

Roland Dobbins rdobbins at arbor.net
Sun Jul 26 01:42:52 EDT 2015


On 26 Jul 2015, at 0:19, Randy via cisco-nsp wrote:

> match access-group name MATCH-TTL0/1

Have you tried renaming the ACL?  Personally, I've never used or even 
seen a named ACL with a '/' in the name, maybe it's an input 
sanitization issue?  Worth a try, anyways.

> ip access-list extended MATCH-TTL0/1
> permit ip any any ttl eq 0
> permit ip any any ttl eq 1

permit ip any any ttl eq 0 1 should work, yes?

You don't show the class-map, policy-map, nor control-plane config 
stanzas, so it's difficult to know if there isn't a simple config error 
(everybody makes them at once point or another; I know I have).

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>


More information about the cisco-nsp mailing list