Both will work. On Saturday, July 7, 2012, Radim Jurica wrote:
> Hello, > regarding to CoPP question 6.1 in Configuration Parctise Labs. > > Task > ==== > Configure CoPP protection on R2, allowing ICMP pings sourced from the RFC > 1918 address space only. Any ICMP packets sourced from nonprivate address > space to R2 should be dropped. > Do not configure any parameters under the default class that matches any > packet. > You are allowed to configure only one class-map and one policy-map to > complete this task. > > > Do you thing that both following solutions will receive points or only > that Yusuf's one? > > > My config > -------------- > > ! > class-map match-all ICMP > match access-group 101 > ! > policy-map CoPP > class ICMP > drop > ! > access-list 101 deny icmp 10.0.0.0 0.0.0.255 any > access-list 101 deny icmp 172.16.0.0 0.15.255.255 any > access-list 101 deny icmp 192.168.0.0 0.0.255.255 any > access-list 101 permit icmp any any > ! > control-plane > service-policy input CoPP > ! > > > Yusuf's config > -------------------- > > ! > class-map match-all copp > match access-group 101 > match not access-group 102 > ! > ! > policy-map copp > class copp > drop > ! > access-list 101 permit icmp any any > access-list 102 permit icmp 10.0.0.0 0.255.255.255 any > access-list 102 permit icmp 172.16.0.0 0.15.255.255 any > access-list 102 permit icmp 192.168.0.0 0.0.255.255 any > ! > control-plane > service-policy input copp > ! > > > Thanx o lot! > > > Radim > -- FNK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
