RE: Deny ISIS ACL

From: NSN - CO/Santa Fe de Bogota ("Gutierrez,)
Date: Thu Mar 12 2009 - 16:57:04 ARST

• Next message: Edouard Zorrilla: "Re: Documentation for TACACS+ server : How to configure network"
• Previous message: Larry Hadrava: "Re: Passed is SJ"
• Maybe in reply to: NSN - CO/Santa Fe de Bogota: "Deny ISIS ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks Rich, that4s exaclty what I found afterwards, it was implemented yesterday on my network and is filtering ISIS packets quite well,

regards

Rodrigo Gutiirrez
IP Backbone Engineer.
CCNP
Mobile Phone # :57-310-580-0973
Monday - Friday : 9:00-18:00 EST
rodrigo.gutierrez@nsn.com
Nokia Siemens Networks

>-----Mensaje original-----
>De: ext Rich Collins [mailto:nilsi2002@gmail.com]
>Enviado el: Jueves, 12 de Marzo de 2009 06:55 a.m.
>Para: Gutierrez, Rodrigo (NSN - CO/Santa Fe de Bogota)
>CC: Cisco certification
>Asunto: Re: Deny ISIS ACL
>
>I can see how to prevent ISIS on the outbound direction but my
>IOS/router didn't allow this on the inbound.
>
>interface FastEthernet0/0
> ip address 24.24.24.4 255.255.255.0
> ip router isis
> ip pim sparse-mode
> duplex half
> tag-switching ip
> no clns route-cache
> service-policy output ISIS_Filter
>
>
>PE4#sh policy-map interface fa0/0
> FastEthernet0/0
>
> Service-policy output: ISIS_Filter
>
> Class-map: ISIS (match-any)
> 4956 packets, 7502002 bytes
> 5 minute offered rate 4000 bps, drop rate 4000 bps
> Match: protocol clns
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol clns_es
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol clns_is
> 4956 packets, 7502002 bytes
> 5 minute rate 4000 bps
> drop
>
> Class-map: class-default (match-any)
> 5936 packets, 465410 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
>
>
>class-map match-any ISIS
> match protocol clns
> match protocol clns_es
> match protocol clns_is
>!
>!
>policy-map ISIS_Filter
> class ISIS
> drop
> class class-default
>!
>
>
>-Rich
>
>On Wed, Mar 11, 2009 at 10:11 PM, Gutierrez, Rodrigo (NSN - CO/Santa
>Fe de Bogota) <rodrigo.gutierrez@nsn.com> wrote:
>> Hi experts,
>>
>> If I want to deny any ISIS packet coming from any place how will be
>that
>> access-list,
>>
>> thanks
>>
>> Rod
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>>
>_______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Edouard Zorrilla: "Re: Documentation for TACACS+ server : How to configure network"
• Previous message: Larry Hadrava: "Re: Passed is SJ"
• Maybe in reply to: NSN - CO/Santa Fe de Bogota: "Deny ISIS ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART