Silly question,<div><br></div><div>If all you want is an ACL to block traffic, why not just use an access-group?</div><div><br></div><div>N</div><div><br><div class="gmail_quote">On Fri, Feb 5, 2010 at 8:14 PM, Logan Rawlins <span dir="ltr"><<a href="mailto:logan.rawlins@highwinds.com">logan.rawlins@highwinds.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Sure at the end of your policy point a default match all to a nexthop ip that you have null routed<br>
<br>
ip route a.a.a.a/32 null0<br>
<br>
ip access-list extended permit-all<br>
permit ip any any<br>
<br>
route-map pbr-firewall permit 1000<br>
match ip address permit-all<br>
set ip next-hop a.a.a.a<br>
<br>
int e 1/1<br>
ip policy route-map pbr-firewall<br>
<div><div></div><div class="h5"><br>
<br>
On Feb 5, 2010, at 12:49 PM, seph wrote:<br>
<br>
> As I continue to tinker with my network, I'm increasing interesting in<br>
> PBR. Unfortunately, the only info I can find is in the Configuration<br>
> Guide, which seems sparse. I'm hoping folks here might have some advice.<br>
><br>
> Given how small a section in the config guide it has, I wonder how<br>
> widely used it is. It feels like an afterthought. Do people actually use<br>
> it?<br>
><br>
> Is there other documentation that I should be reading?<br>
><br>
> If I'm using PBR as sort of a firewall, is there a way to set a default<br>
> "don't route these packets"<br>
><br>
> Am I crazy for trying?<br>
><br>
> Thanks for any advice<br>
><br>
> seph<br>
><br>
><br>
> _______________________________________________<br>
> foundry-nsp mailing list<br>
> <a href="mailto:foundry-nsp@puck.nether.net">foundry-nsp@puck.nether.net</a><br>
> <a href="http://puck.nether.net/mailman/listinfo/foundry-nsp" target="_blank">http://puck.nether.net/mailman/listinfo/foundry-nsp</a><br>
><br>
<br>
_______________________________________________<br>
foundry-nsp mailing list<br>
<a href="mailto:foundry-nsp@puck.nether.net">foundry-nsp@puck.nether.net</a><br>
<a href="http://puck.nether.net/mailman/listinfo/foundry-nsp" target="_blank">http://puck.nether.net/mailman/listinfo/foundry-nsp</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Nick Morrison <<a href="mailto:nick@nick.on.net">nick@nick.on.net</a>><br>
</div>