Hello, regarding to CoPP question 6.1 in Configuration Parctise Labs. Task ==== Configure CoPP protection on R2, allowing ICMP pings sourced from the RFC 1918 address space only. Any ICMP packets sourced from nonprivate address space to R2 should be dropped. Do not configure any parameters under the default class that matches any packet. You are allowed to configure only one class-map and one policy-map to complete this task.
Do you thing that both following solutions will receive points or only that Yusuf's one? My config -------------- ! class-map match-all ICMP match access-group 101 ! policy-map CoPP class ICMP drop ! access-list 101 deny icmp 10.0.0.0 0.0.0.255 any access-list 101 deny icmp 172.16.0.0 0.15.255.255 any access-list 101 deny icmp 192.168.0.0 0.0.255.255 any access-list 101 permit icmp any any ! control-plane service-policy input CoPP ! Yusuf's config -------------------- ! class-map match-all copp match access-group 101 match not access-group 102 ! ! policy-map copp class copp drop ! access-list 101 permit icmp any any access-list 102 permit icmp 10.0.0.0 0.255.255.255 any access-list 102 permit icmp 172.16.0.0 0.15.255.255 any access-list 102 permit icmp 192.168.0.0 0.0.255.255 any ! control-plane service-policy input copp ! Thanx o lot! Radim
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
