[61079] in North American Network Operators' Group
RE: Cisco filter question
daemon@ATHENA.MIT.EDU (Lucas Iglesias)
Fri Aug 22 13:56:39 2003
From: Lucas Iglesias <l.iglesias@tiba.com>
To: "'Geo.'" <georger@getinfo.net>,
"'nanog@merit.edu'" <nanog@merit.edu>
Date: Fri, 22 Aug 2003 14:55:47 -0300
Errors-To: owner-nanog-outgoing@merit.edu
Geo,
The problem is simple. If you put 2 match entries in a single route-map entry,
it must match both of them to set the interface to Null0. If you'd like to
match all ICMP packets and also 92-length packets, try this:
route-map nachi-worm permit 10
match ip address 199
set interface Null0
!
! --- second entry needs its own sequence number; re-entering "permit 10"
! --- would just add the length match to the first entry
route-map nachi-worm permit 20
match length 92 92
set interface Null0
!
Good luck, tell me how it works.
Luckas.-
-----Original Message-----
From: Geo. [mailto:georger@getinfo.net]
Sent: Friday, August 22, 2003 01:17 p.m.
To: nanog@merit.edu
Subject: Cisco filter question
Perhaps one of you router experts can answer this question. When using the
Cisco-specified filter
access-list 199 permit icmp any any echo
access-list 199 permit icmp any any echo-reply
route-map nachi-worm permit 10
! --- match ICMP echo requests and replies (type 0 & 8)
match ip address 199
! --- match 92 bytes sized packets
match length 92 92
! --- drop the packet
set interface Null0
interface <incoming-interface>
! --- it is recommended to disable unreachables
no ip unreachables
! --- if not using CEF, enabling ip route-cache flow is recommended
ip route-cache policy
! --- apply Policy Based Routing to the interface
ip policy route-map nachi-worm
why would it not stop this packet?
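The match semantics the thread turns on (all match clauses inside one route-map entry are ANDed; separate entries are tried in sequence order and the first hit wins) can be checked with a small simulation. The following is an added example, not code from either poster or from Cisco: it models access-list 199 and the length match as Python predicates, evaluates the one-entry filter from the original question and the two-entry variant from the reply against a handful of constructed packets, and reports which ones each version would send to Null0. Packet sizes and protocols are made up for illustration; the second entry is given sequence 20 because re-entering "permit 10" on IOS edits the existing entry rather than creating a new one.

```python
"""Toy model of Cisco route-map evaluation for policy-based routing.

Constructed example (not from the thread). A route-map is an ordered list of
entries; a packet matches an entry only if ALL of that entry's match clauses
hold (they are ANDed), the first matching entry wins, and a packet that
matches no entry is routed normally (returns None here).
"""
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class Packet:
    proto: str                      # "icmp", "tcp" or "udp"
    length: int                     # total IP length in bytes
    icmp_type: Optional[int] = None # 8 = echo, 0 = echo-reply


# access-list 199 from the thread: permit icmp any any echo / echo-reply
def acl_199(pkt: Packet) -> bool:
    return pkt.proto == "icmp" and pkt.icmp_type in (0, 8)


# "match length <min> <max>": Cisco takes a min and max, inclusive
def match_length(lo: int, hi: int) -> Callable[[Packet], bool]:
    return lambda pkt: lo <= pkt.length <= hi


@dataclass
class RouteMapEntry:
    seq: int
    matches: List[Callable[[Packet], bool]]   # all must hold (AND)
    action: str = "set interface Null0"


def evaluate(route_map: List[RouteMapEntry], pkt: Packet) -> Optional[str]:
    """Return the action of the first entry whose clauses all hold, else None."""
    for entry in sorted(route_map, key=lambda e: e.seq):
        if all(m(pkt) for m in entry.matches):
            return entry.action
    return None


# Original question: one entry, two match clauses -> ICMP echo AND length 92
SINGLE_ENTRY = [RouteMapEntry(10, [acl_199, match_length(92, 92)])]

# Reply's variant with distinct sequence numbers -> ICMP echo OR length 92
TWO_ENTRIES = [
    RouteMapEntry(10, [acl_199]),
    RouteMapEntry(20, [match_length(92, 92)]),
]

# Constructed sample traffic (sizes chosen for illustration only)
SAMPLE_PACKETS = {
    "nachi-like echo 92B": Packet("icmp", 92, 8),
    "normal ping 84B":     Packet("icmp", 84, 8),
    "tcp 92B":             Packet("tcp", 92),
    "udp 100B":            Packet("udp", 100),
}


def dropped_by(route_map: List[RouteMapEntry]) -> List[str]:
    """Names of the sample packets the route-map would send to Null0."""
    return sorted(name for name, p in SAMPLE_PACKETS.items()
                  if evaluate(route_map, p) == "set interface Null0")


if __name__ == "__main__":
    print("single entry drops:", dropped_by(SINGLE_ENTRY))
    print("two entries drop:  ", dropped_by(TWO_ENTRIES))
```

The single-entry map only discards the 92-byte ICMP echo; the two-entry map also discards the ordinary 84-byte ping and the 92-byte TCP segment, which is the broader, OR-style match the reply describes and the collateral a practitioner should expect before applying it.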