Re: Control Plan Protection, from Manouchehr Omari on 2010-10-29 (Ccielab archives 10/2010)

From: Manouchehr Omari <manouchehr1979_at_gmail.com>
Date: Fri, 29 Oct 2010 07:06:07 -0400

Hello Piotr, Thanks for the help it worked.

Kind Regards,
Manouchehr

On Fri, Oct 29, 2010 at 7:01 AM, Piotr Kaluzny <piotrk_at_ipexpert.com> wrote:
> Manouchehr,
>
> Please try to change "match-any" to "match-all" in the class-map type
> port-filter match-any CLOSED_PORTS and let us know how it goes.
>
> Regards,
> --
> Piotr Kaluzny
> CCIE #25665 (Security), CCSP, CCNP
> Sr. Support Engineer - IPexpert, Inc.
> URL: http://www.IPexpert.com
>
>
> On Fri, Oct 29, 2010 at 12:52 PM, Manouchehr Omari
> <manouchehr1979_at_gmail.com> wrote:
>>
>> Hello All, Anyone can please check the following config the problem is
>> i can't see the RIP routes with below config applied, if i remove the
>> drop keyword from "policy-map type port-filter HOST_SUBINT" then the
>> routes appear in the routing table.
>>
>>
>> class-map match-all FRAGMENTED
>> match access-group name FRAGMENTED
>> class-map type port-filter match-any CLOSED_PORTS
>> match closed-ports
>> match not port udp 520
>> class-map type queue-threshold match-all HTTP
>> match protocol http
>> class-map match-all HTTP_RL
>> match access-group 140
>> !
>> !
>> policy-map TRANSIT
>> class FRAGMENTED
>> police rate 1000000 pps burst 200000 packets
>> policy-map type port-filter HOST_SUBINT
>> class CLOSED_PORTS
>> drop
>> policy-map CEF_EXCEPTION
>> class class-default
>> police rate 100 pps burst 20 packets
>> policy-map type queue-threshold QUEUE_THRSHLD
>> class HTTP
>> queue-limit 100
>> policy-map HOST_RATE_LIMIT
>> class HTTP_RL
>> police rate 10 pps burst 2 packets
>>
>>
>> access-list 140 permit tcp any any eq www
>> !
>> !
>> !
>> !
>> !
>> control-plane host
>> service-policy input HOST_RATE_LIMIT
>> service-policy type port-filter input HOST_SUBINT
>> service-policy type queue-threshold input QUEUE_THRSHLD
>> !
>> control-plane transit
>> service-policy input TRANSIT
>> !
>> control-plane cef-exception
>> service-policy input CEF_EXCEPTION
>> !
>>
>> Best Regards,
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Oct 29 2010 - 07:06:07 ART

This archive was generated by hypermail 2.2.0 : Mon Nov 01 2010 - 06:42:06 ART