From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Sat Jan 20 2007 - 14:19:46 ART
Hello people,
I have the following topology:
                                         __gi0/0
                                         |
                                         |
BB1 - - - - (Serial0/3/0) PPPoFR - - - - R6
                                         |
                                         |__gi0/1
The question asks:
Configure R6 to prevent the worm from coming in from BB1. The worm sends the
following string to the web server on port 80: "ALL YOUR BASE". Configure R6
to drop any HTTP packets containing this string before forwarding the packet
out either Gi eth. interface.
The solution says:
############
ip cef
class-map match-all WORM
 match protocol http url "*ALL YOUR BASE*"
policy-map MITIGATE_WORM
 class WORM
  police 8000 conform-action drop exceed-action drop
interface gi0/0
 service-policy output MITIGATE_WORM
interface gi0/1
 service-policy output MITIGATE_WORM
############
And I came up with this solution:
############
ip cef
class-map match-all WORM
 match protocol http url "*ALL YOUR BASE*"
policy-map MITIGATE_WORM
 class WORM
  drop
interface Serial0/3/0
 frame-relay interface-dlci 301 ppp Virtual-Template1
interface Virtual-Template1
 service-policy input MITIGATE_WORM
############
My questions are:
1.- Why do I need to use Gi0/0 and Gi0/1 to apply the service policy if I
can use the serial (virtual-template)?
2.- Why use "police 8000 conform-action drop exceed-action drop" instead of
just a "drop"?
Thanks a lot.
Regards