Hi GS,
I am playing around with CoPP to stop telnet to a certain router and would
like some input or suggestions on what I am doing.
I have the following scenario:
R1 -------------- R3
|                 |
|                 |
|                 |
R2 -------------- R4
I would like to allow telnet to R3 and R4 only from the R1 and R2 loopbacks.
So here is what I have done:
R3:
ip access-list extended LOOPBACK
 ! deny = exempt from the class (packet falls to class-default)
 deny tcp host 10.10.1.1 any eq telnet
 deny tcp host 10.10.2.2 any eq telnet
 ! permit = classified as TELNET and subject to the class action
 permit tcp any any eq telnet
!
class-map TELNET
 match access-group name LOOPBACK
!
policy-map SECURE
 class TELNET
  drop
!
control-plane
 service-policy input SECURE
So here is my problem, or maybe my misunderstanding of how CoPP is working.
I can telnet only using the loopbacks of R1 and R2, which is what I needed done.
BUT I can still telnet from R4 to R3. WHY is this?
When I created the control-plane policy I used the "input" keyword, so all telnet
traffic going to the CP will be checked against my policy-map SECURE (correct?)
and the decision is made based on what is configured.
Where am I going wrong?
Regards
Splinter
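Added example, not part of the original post or of any Cisco code: a small Python model of how a CoPP class-map that matches on the extended ACL above classifies telnet packets, so the expected behaviour of policy-map SECURE can be checked packet by packet. The ACL is copied from the post; the R3 destination address (10.10.3.3) and the R4 source address (192.0.2.4) are constructed placeholders, since the post does not give them. The model also handles the non-telnet case (falls to class-default and is forwarded).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

TELNET = 23


@dataclass(frozen=True)
class Ace:
    """One access-list entry: action, source, destination, TCP dest port."""
    action: str            # "permit" or "deny"
    src: str               # "any" or an address/prefix (host = /32)
    dst: str               # "any" or an address/prefix
    dport: Optional[int]   # None = any destination port


def _match_addr(pattern: str, addr: str) -> bool:
    if pattern == "any":
        return True
    return ip_address(addr) in ip_network(pattern, strict=False)


def acl_lookup(acl: List[Ace], src: str, dst: str, dport: int) -> str:
    """First matching entry wins; implicit deny at the end of the list."""
    for ace in acl:
        if (_match_addr(ace.src, src) and _match_addr(ace.dst, dst)
                and (ace.dport is None or ace.dport == dport)):
            return ace.action
    return "deny"


# ACL LOOPBACK from the post; "host 10.10.1.1" is written as a /32.
LOOPBACK_ACL = [
    Ace("deny", "10.10.1.1/32", "any", TELNET),
    Ace("deny", "10.10.2.2/32", "any", TELNET),
    Ace("permit", "any", "any", TELNET),
]


def copp_action(src: str, dst: str, dport: int,
                acl: List[Ace] = LOOPBACK_ACL) -> str:
    """Model of policy-map SECURE applied with 'service-policy input'.

    A packet is in class TELNET only when the ACL *permits* it; that class
    drops.  ACL *deny* entries (and the implicit deny) mean "not in this
    class", so the packet falls through to class-default, which has no
    action and forwards the packet to the route processor.
    """
    if acl_lookup(acl, src, dst, dport) == "permit":
        return "drop"
    return "transmit"


def classify_samples() -> dict:
    # Constructed sample packets toward R3 (placeholder address 10.10.3.3).
    samples = {
        "R1 loopback telnet": ("10.10.1.1", "10.10.3.3", TELNET),
        "R2 loopback telnet": ("10.10.2.2", "10.10.3.3", TELNET),
        "R4 telnet (placeholder src)": ("192.0.2.4", "10.10.3.3", TELNET),
        "R4 ssh (placeholder src)": ("192.0.2.4", "10.10.3.3", 22),
    }
    return {name: copp_action(*pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:30s} -> {verdict}")
```

Under this model every telnet packet not sourced from the two loopbacks is classified into TELNET and dropped, so a session from R4 should not get through. When the router's behaviour differs from the model, compare the class counters from `show policy-map control-plane` and the ACL hit counts from `show access-lists` while the R4 session is being opened: if the TELNET class counter does not increment, the packet is not reaching the policy the way the model assumes, and the source address the R4 session is actually using is the first thing to verify.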
Blogs and organic groups at http://www.ccie.net
Received on Thu Jun 25 2009 - 14:33:24 ART
This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:37 ART