Cancel this. It did work, I just wasn't testing through the router but from the router where I applied it. Have to keep remembering local traffic is not policy routed. Seems MQC doesn't have a problem with that though. In the example below, the policy-map is applied on R9 and tested on R9 and Cat3.
As to why the service-policy input or output doesn't matter, my theory is:

- when applied input and ping between 150-200 from R9, the packet gets sent out but never gets back because of the input policy
- when applied input and ping between 150-200 from Cat3 (in my dynamips lab, a directly connected switch), the packet doesn't get sent out because of the output policy
- when applied out and ping between 150-200 from R9, the packet does not get sent out because of the output policy
- when applied out and ping between 150-200 from Cat3, the packet comes in but does not reply because of the output policy

Begin forwarded message:

> From: Alef <[email protected]>
> Date: July 21, 2011 4:52:00 PM GMT+01:00
> To: "[email protected] IE" <[email protected]>
> Subject: Vol2, Lab5, Task 8.4 - Can't set interface to null0 on P2P interface
>
> I'm trying to recreate Task 8.4. This is where we want R9 to drop inbound
> ICMP traffic entering the fa0/1 interface with a size from 150 to 200 bytes.
>
> I can do it with MQC
>
> class-map match-all ICMP
>  match proto icmp
>  match packet length min 150 max 200
>
> policy-map ICMP
>  class ICMP
>   drop
>
> service-policy output ICMP
> (although if I apply input it also doesn't work, I think that's because it's
> blocking icmp-reply in match protocol as well. Strange thing is if I ping
> from a connected switch, if I ping with sizes larger than 150 it also does
> not go through!)
>
> But if I do:
> route-map 84
>  match ip address 184
>  match length 150 200
>  set interface null0
> int fa0/1
>  ip policy route-map 84
>
> where acl 184 is an access-list 184 permit icmp any any echo and echo-reply
> (upon only echo-reply I get a match)
>
> It doesn't work. I'm not sure why we set the interface to null0 but I suppose
> to drop the traffic. I tried with both permit and deny acl for icmp traffic.
> I suspect it has to do with the %Warning:Use P2P interface for routemap set
> interface clause message. I thought at first it was because I applied it
> on the FR multipoint interface but I still get the same message on a
> fastethernet interface or FR point to point interface. Will do some more
> googling.
