From: Rich Collins (nilsi2002@gmail.com)
Date: Thu Mar 12 2009 - 09:55:20 ARST
I can see how to prevent ISIS on the outbound direction but my
IOS/router didn't allow this on the inbound.
interface FastEthernet0/0
ip address 24.24.24.4 255.255.255.0
ip router isis
ip pim sparse-mode
duplex half
tag-switching ip
no clns route-cache
service-policy output ISIS_Filter
PE4#sh policy-map interface fa0/0
FastEthernet0/0
Service-policy output: ISIS_Filter
Class-map: ISIS (match-any)
4956 packets, 7502002 bytes
5 minute offered rate 4000 bps, drop rate 4000 bps
Match: protocol clns
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol clns_es
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol clns_is
4956 packets, 7502002 bytes
5 minute rate 4000 bps
drop
Class-map: class-default (match-any)
5936 packets, 465410 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
class-map match-any ISIS
match protocol clns
match protocol clns_es
match protocol clns_is
!
!
policy-map ISIS_Filter
class ISIS
drop
class class-default
!
-Rich
On Wed, Mar 11, 2009 at 10:11 PM, Gutierrez, Rodrigo (NSN - CO/Santa
Fe de Bogota) <rodrigo.gutierrez@nsn.com> wrote:
> Hi experts,
>
> If I want to deny any ISIS packet coming from any place how will be that
> access-list,
>
> thanks
>
> Rod
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART