Re: Control Plan Protection,

Manouchehr,

Please try to change "match-any" to "match-all" in the class-map type
port-filter match-any CLOSED_PORTS and let us know how it goes.

Regards,

--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Fri, Oct 29, 2010 at 12:52 PM, Manouchehr Omari <manouchehr1979_at_gmail.com
> wrote:
> Hello All, Anyone can please check the following config the problem is
> i can't see the RIP routes with below config applied, if i remove the
> drop keyword from "policy-map type port-filter HOST_SUBINT" then the
> routes appear in the routing table.
>
>
> class-map match-all FRAGMENTED
>  match access-group name FRAGMENTED
> class-map type port-filter match-any CLOSED_PORTS
>  match  closed-ports
>  match not  port udp 520
> class-map type queue-threshold match-all HTTP
>  match  protocol http
> class-map match-all HTTP_RL
>  match access-group 140
> !
> !
> policy-map TRANSIT
>  class FRAGMENTED
>   police rate 1000000 pps burst 200000 packets
> policy-map type port-filter HOST_SUBINT
>  class CLOSED_PORTS
>   drop
> policy-map CEF_EXCEPTION
>  class class-default
>   police rate 100 pps burst 20 packets
> policy-map type queue-threshold QUEUE_THRSHLD
>  class HTTP
>   queue-limit 100
> policy-map HOST_RATE_LIMIT
>  class HTTP_RL
>   police rate 10 pps burst 2 packets
>
>
> access-list 140 permit tcp any any eq www
> !
> !
> !
> !
> !
> control-plane host
>  service-policy input HOST_RATE_LIMIT
>  service-policy type port-filter input HOST_SUBINT
>  service-policy type queue-threshold input QUEUE_THRSHLD
> !
> control-plane transit
>  service-policy input TRANSIT
> !
> control-plane cef-exception
>  service-policy input CEF_EXCEPTION
> !
>
> Best Regards,
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net