Yes Kings, I would have said the same thing as Tyson, I've never really had any issues with it. Let us know when you come across the issue again.
Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com On Apr 27, 2010, at 10:34 AM, Kingsley Charles wrote: > Thx Tyson/Roger, I will post the configs when I hit the issue again. > > With regards > Kings > > On Tue, Apr 27, 2010 at 9:17 PM, Roger Cheeks <[email protected]> > wrote: > I concur with Tyson on this... here is a sample of a configuration I ended up > placing in production after lots of testing. > > interface <interface you want to block on> > ip policy route-map inet_block > > ip access-list extended inet_block > permit ip <subnet address> <wildcard mask> any > > route-map inet_block permit 10 > match ip address inet_block > set interface Null0 > > Let me know if you have questions about my testing or configs. > > ~Roger > > On Tue, Apr 27, 2010 at 11:29 AM, Tyson Scott <[email protected]> wrote: > I have never had problems with PBR unless I have a misconfiguration ;) Would > need examples of what didn't work to know. > > > Regards, > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE > (R&S, Voice, Security & Service Provider) certification(s) with training > locations throughout the United States, Europe, South Asia and Australia. Be > sure to visit our online communities at www.ipexpert.com/communities and our > public website at www.ipexpert.com > > > From: [email protected] > [mailto:[email protected]] On Behalf Of Kingsley > Charles > Sent: Tuesday, April 27, 2010 2:58 AM > To: Brandon Carroll > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Clairification on backhole and sinkhole > > > Hi Brandon > > > Sometimes with the PBR where I send traffic to the null interface, doesn't > get dropped. I see the counters > > increased on the ACL associated with the route-map. Any thought? > > > Tried both globally and local on the interface. > > > > > With regards > > Kings > > On Mon, Apr 26, 2010 at 8:43 PM, Brandon Carroll <[email protected]> > wrote: > > Kings, > > > Off the top of my head if I were asked to route traffic to a Black Hole or a > Sink Hole I would think of using something along the lines of PBR setting the > next hop to null0. > > > > Regards, > > > Brandon Carroll - CCIE #23837 > > Senior Technical Instructor - IPexpert > > Mailto: [email protected] > > Telephone: +1.810.326.1444 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE > (R&S, Voice, Security & Service Provider) certification(s) with training > locations throughout the United States, Europe, South Asia and Australia. Be > sure to visit our online communities at www.ipexpert.com/communities and our > public website at www.ipexpert.com > > > Platinum Solutions Group (PSG) provides high-end consulting services with a > primary emphasis on Cisco's Data Center Solutions, Service Provider > Solutions, Unified Communications and Security-enabled infrastructures. Be > sure to visit www.platinumsolutionsgroup.com. > > > > On Apr 26, 2010, at 12:13 AM, Kingsley Charles wrote: > > > Hi all > > > In the CCIE blue print, under Configure Advanced Security, we have the > following: > > > Configure Black Hole and Sink Hole solutions > Configure RTBH filtering (Remote Triggered Black Hole) > > http://www.cisco.com/web/learning/le3/ccie/security/lab_exam_blueprint_v3.html > > > I am aware of RTBH (source based and destination based). > > > Can someone please share your thoughts for blackhole and sinkhole with some > examples. > > > > With regards > > Kings > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
