Re: CoPP - Question

From: <ccie_ka_at_gmx.de>
Date: Sun, 14 Feb 2010 16:13:38 +0100

sorry you're right....with the protocols in the access-list

Concerning the deny statement, I would exclude these protocols from policing in the policy-map

Say I have a policy-map which is inbound to the control-plane. This one should match all specified traffic and only the routing traffic shouldn't be going through without policing.

Dennis

-------- Original Message --------
> Date: Sun, 14 Feb 2010 09:06:58 -0500
> From: Scott Morris <smorris_at_ine.com>
> To: ccie_ka_at_gmx.de
> CC: ccielab_at_groupstudy.com
> Subject: Re: CoPP - Question

> Why are you denying the protocols?
>
> Since OSPF and EIGRP are protocol numbers, the addresses become
> irrelevant.
>
> permit ospf any any or permit eigrp any any would be fine!
>
> BGP you'll need to be more aware of the direction/port though. But still
> "permit" would be needed in order to be a match!
>
> Scott Morris, CCIEx4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> JNCIE-M #153, JNCIS-ER, CISSP, et al.
> JNCI-M, JNCI-ER
> evil_at_ine.com
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
>
> Knowledge is power.
> Power corrupts.
> Study hard and be Eeeeviiiil......
>
> ccie_ka_at_gmx.de wrote:
>
> Thanks for the explanation Scott...
> The traffic should be destined _to_ the router!
>
> While learning (and reading about CoPP) I have more questions...:-))
>
> First of all how can I classify routing protocols with access-list.
> I have the following list defined but I'm not sure if this is the right
> solution ??
>
> Router1
> !OSPF
> ip access-list ospf
> deny ospf any host x.x.x.x
> deny ospf any host 224.0.0.5
> deny ospf any host 224.0.0.6
>
> !eigrp
> ip access-list eigrp
> deny eigrp any host x.x.x.x
> deny udp any host 224.0.0.10
>
> ip access-list bgp
> deny tcp any host x.x.x.x eq 179 <- this is the local router
> deny tcp any eq 179 19.19.y.y <- this is the bgp peer
> deny tcp any eq 179 19.19.y.y
>
> I'm not sure if I also need more commands for eigrp ?!
>
> Dennis
> -------- Original Message --------
>
> Date: Sun, 14 Feb 2010 08:31:23 -0500
> From: Scott Morris <smorris_at_ine.com>
> To: ccie_ka_at_gmx.de
> CC: ccielab_at_groupstudy.com
> Subject: Re: CoPP - Question
>
> If it is flowing THROUGH your router, that would be data plane, not
> control plane. (and BGP is the only multihop one you can do that
> with)
>
> But otherwise, what kind of detail are you looking for? The object is
> to control/limit how much stuff is thrown at your router that the router
> itself has to actually process. Like most things, you'll start with
> something like is on the web and tweak it from there based on your
> particular needs. YMMV.
>
> ccie_ka_at_gmx.de wrote:
>
> Hi Group,
>
> I'm currently working with CoPP.
> I also read the Cisco Documents about this stuff,
>
> Is there any good documentation on the web which explains this in
> detail ...let's say I must limit routing protocols like ospf, eigrp and bgp.
> How can I restrict these protocols...from flowing through a specified
> router..
>
> Dennis
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Sun Feb 14 2010 - 16:13:38 ART

This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART
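
The permit-versus-deny point from this thread, as an added sketch that is not from any poster and is not IOS code: a small Python model of how a policy-map picks a class from ACL results, run against the deny-only entries from the question and the permit entries from the reply. The class name ROUTING, the 64000 bps rate, the 192.0.2.1 address and the design (routing class with no police action, class-default policed) are assumptions.

```python
# Simplified model of ACL-based class matching (constructed example, not IOS code).
ANY = None
OSPF, EIGRP, TCP, UDP = 89, 88, 6, 17  # IP protocol numbers

def entry_matches(entry, pkt):
    """entry = (action, proto, src_port, dst, dst_port); ANY is a wildcard."""
    _, proto, sport, dst, dport = entry
    return (proto == pkt["proto"]
            and sport in (ANY, pkt.get("sport"))
            and dst in (ANY, pkt["dst"])
            and dport in (ANY, pkt.get("dport")))

def acl_permits(acl, pkt):
    """First matching entry decides; no match at all is the implicit deny."""
    for entry in acl:
        if entry_matches(entry, pkt):
            return entry[0] == "permit"
    return False

def classify(policy, pkt):
    """policy: ordered [(class_name, acl, police_bps)], class-default last.
    Returns the first class whose ACL permits pkt and its policer (None = none)."""
    for name, acl, police_bps in policy[:-1]:
        if acl_permits(acl, pkt):
            return name, police_bps
    name, _, police_bps = policy[-1]
    return name, police_bps

# Deny-only entries in the style of the question (the x.x.x.x lines are left out).
ACL_DENY = [("deny", OSPF, ANY, "224.0.0.5", ANY),
            ("deny", OSPF, ANY, "224.0.0.6", ANY),
            ("deny", UDP, ANY, "224.0.0.10", ANY)]
# Permit entries as suggested in the reply; BGP is covered in both port directions.
ACL_PERMIT = [("permit", OSPF, ANY, ANY, ANY),
              ("permit", EIGRP, ANY, ANY, ANY),
              ("permit", TCP, ANY, ANY, 179),
              ("permit", TCP, 179, ANY, ANY)]

def build_policy(routing_acl, default_bps=64000):  # assumed design; rate is a placeholder
    return [("ROUTING", routing_acl, None), ("class-default", None, default_bps)]

# Constructed sample packets destined to the router itself.
OSPF_HELLO = {"proto": OSPF, "dst": "224.0.0.5"}
EIGRP_HELLO = {"proto": EIGRP, "dst": "224.0.0.10"}
BGP_TO_US = {"proto": TCP, "dst": "192.0.2.1", "sport": 40000, "dport": 179}
BGP_REPLY = {"proto": TCP, "dst": "192.0.2.1", "sport": 179, "dport": 40000}

if __name__ == "__main__":
    for pkt in (OSPF_HELLO, EIGRP_HELLO, BGP_TO_US, BGP_REPLY):
        print(pkt, classify(build_policy(ACL_DENY), pkt), classify(build_policy(ACL_PERMIT), pkt))
```

In this model the deny-only ACL never places a packet in ROUTING, so routing traffic lands in the policed class-default, while the permit ACL places it in the unpoliced ROUTING class.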