Hi,
I haven't tested this myself yet, but perhaps doing a
route map and matching an access list with logging
option set then modifying the route if theres a match
would be a solution. Of course, this is going to use
more CPU then a null0 static route but a ACL w/log
option is needed to see how many hits your getting.
...Erick
--- Barry Hofland <[EMAIL PROTECTED]> wrote:
> There's no way counting matches for a null0
> interface.
> If you need the number, fall back to access-lists...
>
> Barry
> "D. J. Jones" <[EMAIL PROTECTED]> wrote in message
> 8ik0d7$iqe$[EMAIL PROTECTED]">news:8ik0d7$iqe$[EMAIL PROTECTED]...
> > I've been reading and trying to understand
> interior redistribution and
> came
> > across the following technique as an alternative
> for the specific packet
> > filtering requirement of discarding certain
> packets based solely on their
> > destination address.
> >
> > In this case Cisco static route command are used
> to discard packets
> destined
> > to private address space using null0. Here is an
> example:
> >
> > ip route 10.0.0.0 255.0.0.0.0 null0
> >
> > My question is whether it is possible to show the
> system log and display
> the
> > number of times a packet was discarded destined to
> private or RFC1918
> > address space. If the logs showed that, would it
> also show the source?
> >
> > I don't have a test lab setup to try this but was
> hoping someone on the
> list
> > has experience with this. Thanks for you help..
=====
- Erick B. | erickbe(a)yahoo.com | http://berk.dhs.org
__________________________________________________
Do You Yahoo!?
Send instant messages with Yahoo! Messenger.
http://im.yahoo.com/
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
