Re: CoPP - Question

From: Scott Morris <smorris_at_ine.com>
Date: Sun, 14 Feb 2010 09:06:58 -0500

 Why are you denying the protocols?

Since OSPF and EIGRP are protocol numbers, the addresses become
irrelevant.

permit ospf any any or permit eigrp any any would be fine!

BGP you'll need to be more aware of the direction/port though. But still
"permit" would be needed in order to be a match!

Scott Morris, CCIEx4 (R&S/ISP-Dial/Security/Service Provider) #4713,

JNCIE-M #153, JNCIS-ER, CISSP, et al.

JNCI-M, JNCI-ER

evil_at_ine.com

Internetwork Expert, Inc.

http://www.InternetworkExpert.com

Toll Free: 877-224-8987

Outside US: 775-826-4344

Knowledge is power.

Power corrupts.

Study hard and be Eeeeviiiil......

ccie_ka_at_gmx.de wrote:

  Thanks for the explanation Scott...
  The traffic should be destined _to_ the router!
  
  While learning (and reading about CoPP) I have more questions...:-))
  
  First of all, how can I classify routing protocols with an access-list?
  I have the following list defined, but I'm not sure if this is the right solution?
  
  Router1
  !OSPF
  ip access-list ospf
   deny ospf any host x.x.x.x
   deny ospf any host 224.0.0.5
   deny ospf any host 224.0.0.6
  
  !eigrp
  ip access-list eigrp
   deny eigrp any host x.x.x.x
   deny udp any host 224.0.0.10
  
  ip access-list bgp
   deny tcp any host x.x.x.x eq 179 <- this is the local router
   deny tcp any eq 179 19.19.y.y <- this is the bgp peer
   deny tcp any eq 179 19.19.y.y

  I'm not sure if I also need more commands for eigrp ?!
  
  Dennis
  -------- Original Message --------

    Date: Sun, 14 Feb 2010 08:31:23 -0500
    From: Scott Morris <smorris_at_ine.com>
    To: ccie_ka_at_gmx.de
    CC: ccielab_at_groupstudy.com
    Subject: Re: CoPP - Question

     If it is flowing THROUGH your router, that would be data plane, not
    control plane. (and BGP is the only multihop one you can do that with)
    
    But otherwise, what kind of detail are you looking for? The object is to
    control/limit how much stuff is thrown at your router that the router
    itself has to actually process. Like most things, you'll start with
    something like is on the web and tweak it from there based on your
    particular needs. YMMV.
    
    ccie_ka_at_gmx.de wrote:
    
      Hi Group,
      
      I'm currently working with CoPP.
      I also read the Cisco documents about this stuff.
      
      Is there any good documentation on the web which explains this in detail
      ...let's say I must limit routing protocols like ospf, eigrp and bgp.
      How can I restrict these protocols...from flowing through a specified
      router..
      
      Dennis

    Blogs and organic groups at http://www.ccie.net
    _______________________________________________________________________
    Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html

Received on Sun Feb 14 2010 - 09:06:58 ART

This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART
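
The classification described in the reply at the top of this thread, written out as a full CoPP policy. This is an added example, not configuration from either poster; the ACL, class and policy names and the police rates are assumptions chosen for illustration.

```cisco
! Added example. Names and rates below are placeholders (assumptions).
!
! In a class-map, an ACL "deny" entry means "this packet is not a member
! of the class", so it falls through to later classes or class-default.
! Only "permit" entries classify traffic into the class.
!
ip access-list extended COPP-OSPF
 ! OSPF is IP protocol 89; the addresses do not matter for matching it
 permit ospf any any
!
ip access-list extended COPP-EIGRP
 ! EIGRP is IP protocol 88 (not UDP), so match on the protocol keyword
 permit eigrp any any
!
ip access-list extended COPP-BGP
 ! Sessions the peer opened to this router: destination port 179
 permit tcp any any eq 179
 ! Return traffic for sessions this router opened: source port 179
 permit tcp any eq 179 any
 ! "any" can be narrowed to the known peer and local addresses
!
class-map match-any COPP-ROUTING
 match access-group name COPP-OSPF
 match access-group name COPP-EIGRP
 match access-group name COPP-BGP
!
policy-map COPP-POLICY
 class COPP-ROUTING
  ! Rate is a placeholder; both actions transmit, so adjacencies are
  ! not dropped while the counters are being observed
  police 128000 conform-action transmit exceed-action transmit
 class class-default
  ! Everything else punted to the route processor is rate limited
  police 64000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP-POLICY
```

`show policy-map control-plane` displays per-class packet counters, which confirms whether the routing protocols are landing in COPP-ROUTING rather than class-default.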