--- Begin Message ---
Platform: asr1001 - asr1001-universalk9.03.10.02.S.153-3.S2-ext.bin

Goal: Drop all TTL<=1 (exceptions for eBGP, EIGRP, HSRP - since these apply in 
my case and are working as desired) other-packets at ESP (qfp-outbound) before 
getting to RP are not working despite having service-policy applied-inbound to 
control-plane.


Result:
As evinced by traceroute working and all qfp stats reporting zero drops, 
it is obvious that the following:
policy-map PM-COPP
 class CM-EBGP
 class CM-HSRP
 class CM-EIGRP
 class CM-TTL0/1
  police 8000 conform-action drop exceed-action drop

is *not* working for CM-TTL0/1

class-map match-all CM-TTL0/1
 match access-group name MATCH-TTL0/1


ip access-list extended MATCH-TTL0/1
 permit ip any any ttl eq 0
 permit ip any any ttl eq 1

Question:

Am I correct in my *understanding* that I need to enable in global-config:

platform punt-policer 29 10 ?
(29 is the id for punt-cause-name:RP handled ICMP and 10 would be the 
pps); and then reconfig my policy-map for class:
CM-TTL0/1

to something like "police rate 10 conform drop exceed drop"?

Regards,
./Randy

--- End Message ---
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
