Ohh, but you can put vlan-list all... So that is why I wonder if they do the same thing...
Mike From: [email protected] To: [email protected]; [email protected] Subject: Re: [OSL | CCIE_Security] Best option to drop ICMP unreachables Date: Fri, 15 Jun 2012 08:09:32 +0000 I think "ip local policy" is for the global setting not to send unreachables. VLAN filter may address only specific VLANs From: Mike Rojas <[email protected]> Date: Thursday, June 14, 2012 8:13 PM To: "[email protected]" <[email protected]> Subject: [OSL | CCIE_Security] Best option to drop ICMP unreachables Question, What is the best option to drop ICMP unreachable on the switch itself? I saw that one exercise they created an IP local policy and send it out to the Null 0 interface. What I did was to configure a vlan filter matching all ICMP unreachable... Both work fine... It said because it was process switched, they needed to be sent to Null 0, I didnt quite understood why... would my solution work? Mike
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
