I'm trying to recreate Task 8.4. This is where we want R9 to drop inbound ICMP traffic entering the fa0/1 interface with a size from 150 to 200 bytes.
I can do it with MQC class-map match-all ICMP match proto icmp match packet length min 150 max 200 policy-map ICMP class ICMP drop service-policy output ICMP (although if i apply input it also doesn't work, i think that's because it's blocking icmp-reply in match protocol as well. Strange thing is if i ping from a connected switch, if i ping with sizes larger then 150 it also does not go through!) But if i do : route-map 84 match ip address 184 match length 150 200 set interface null0 int fa0/1 ip policy route-map 84 where acl 184 is a access-list 184 permit icmp any any echo and echo-reply (upon only echo-reply i get a match) It doesn't work. I'm not sure why we set the interface to null0 but i suppose to drop the traffic. I tried with both permit and deny acl for icmp traffic. I suspect it has to do with the %Warning:Use P2P interface for routemap set interface clause message. I thought at first it was because i was applied it on the FR multipoint interface but i still get the same message on a fastethernet interface or FR point to point interface. Will do some more google. _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
