[c-nsp] ACL to block udp/0?

Hank Nussbacher hank at interall.co.il
Wed Dec 6 02:03:33 EST 2023

On 05/12/2023 23:44, Gert Doering wrote:

> D'Wayne Saunders already pointed at this most likely being fragments -
> large packet reflections, and all non-initial fragments being reported by
> IOS* as "port 0" (so you should see 1500 byte regular UDP as well, with
> a non-0 port number)
> IOS XR syntax for fragment blocking is
>    deny ipv4 any any fragments
> gert

To both D'Wayne and Gert - thx!


More information about the cisco-nsp mailing list