I think "ip local policy" is for the global setting not to send unreachables. VLAN filter may address only specific VLANs
From: Mike Rojas <[email protected]<mailto:[email protected]>> Date: Thursday, June 14, 2012 8:13 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [OSL | CCIE_Security] Best option to drop ICMP unreachables Question, What is the best option to drop ICMP unreachable on the switch itself? I saw that one exercise they created an IP local policy and send it out to the Null 0 interface. What I did was to configure a vlan filter matching all ICMP unreachable... Both work fine... It said because it was process switched, they needed to be sent to Null 0, I didnt quite understood why... would my solution work? Mike
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
