[EMAIL PROTECTED] wrote:
ip address (access-lists): 199
^^^
Extended IP access list 181
^^^
Did you mean to have a mismatch between the numbers?
Or is there some magic configuration detail that links
the two together that I haven'
Geo,
The problem is simple. If you put in a single route-map entry 2 matchs
entries, it must match both of them to set the interface to Null0. If you'd
like to match all ICMP packets and also 92 lenght packets, try to do this:
route-map nachi-worm permit 10
match ip address 199
set interface N
Because your acl matches echo reply and the packet is echo request.
Owen
--On Friday, August 22, 2003 10:02 AM -0700 Michel Py
<[EMAIL PROTECTED]> wrote:
Instead of:
set interface Null0
Use: set ip next-hop 10.255.255.254
_and_
ip route 10.255.255.254 255.255.255.255 Null0 name BLACKHOLE
Miche
Geo,
OK Time for me to get coffee I missed the "not stop".
it might not stop a packet if the route-map isn't applied to the
interface.
Pablo
On Fri, 2003-08-22 at 12:58, Paul A. Bradford wrote:
> Geo,
>Not sure if I want to answer. is this OT for NANOG? :)
>
>the key is:
>
>point a route to null0 and set the next hop to be down that route
makes no difference, the problem isn't that the packets aren't being routed
to null0, the problem is that the packets don't match the route-map for some
reason. Only difference I see is the fragment flag is set to allow fragment
o
Geo,
Not sure if I want to answer. is this OT for NANOG? :)
the key is:
IP: Total Length = 92 (0x5C)
normal ICMP packets are not 92 bytes in length our friend Nachi does
use 92 byte packets.
BTW: good luck trying the route-map on 2948G-L3s... ;)
Thanks,
Paul
On Fri, 2003-08-22 a
Instead of:
> set interface Null0
Use: set ip next-hop 10.255.255.254
_and_
ip route 10.255.255.254 255.255.255.255 Null0 name BLACKHOLE
Michel.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Geo.
Sent: Friday, August 22, 2003 9:17 AM
To: [EMAIL PROT
point a route to null0 and set the next hop to be down that route
On Fri, 22 Aug 2003, Jack Bates wrote:
>
> Scott McGrath wrote:
>
> >
> > Geo,
> >
> > Look at your set interface Null0 command the rest is correct
> > you want to set the next hop to be Null0. How to do this is left as an
Scott McGrath wrote:
Geo,
Look at your set interface Null0 command the rest is correct
you want to set the next hop to be Null0. How to do this is left as an
exercise for the reader.
Interface Null0 works fine. Here's a quick check.
Inbound (from peers) policy matches
route-map nachi-worm, pe
Geo,
Look at your set interface Null0 command the rest is correct
you want to set the next hop to be Null0. How to do this is left as an
exercise for the reader.
Scott C. McGrath
On Fri, 22 Aug 2003, Geo. wrote:
>
> Perhaps one of you router experts can answer t
10 matches
Mail list logo