You can... http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804559b3.html
On 6/27/07, Jeff Tantsura <[EMAIL PROTECTED]> wrote: > > Bollocks, I does not. You can't set "drop" action within policy-map > framework > > > > I don't need a lab for this. > > > > The working config would be: > > > > ip local policy route-map BLAH > > route-map BLAH > > match ip address 101 > > set interface null0 > > > > access-list 101 permit ip host 192.168.5.254 any > access-list 101 deny any any > > > ------------------------------ > > *From:* Ozgur Guler [mailto:[EMAIL PROTECTED] > *Sent:* woensdag 27 juni 2007 14:22 > *To:* [EMAIL PROTECTED] > *Cc:* Vikas Sharma; [email protected] > *Subject:* Re: [c-nsp] Prevent traffic originated from the router > usingaccess-list > > > > It works. > Just try it in the lab ... > > > On 6/27/07, *Jeff Tantsura* < [EMAIL PROTECTED] > wrote: > > Hi, > > It's not going to work, you'd only match on transit traffic, in order to > match on locally generated traffic you should use local PBR ie: > ip local policy route-map BLAH > > Jeff > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:cisco-nsp- > > [EMAIL PROTECTED] On Behalf Of Ozgur Guler > > Sent: woensdag 27 juni 2007 13:55 > > To: Vikas Sharma > > Cc: [email protected] > > Subject: Re: [c-nsp] Prevent traffic originated from the router > > usingaccess-list > > > > You can drop the relevant traffic with a simple policy-map by applying > it > > to > > an outgoing interface ... > > > > R2#sh policy-map > > Policy Map X > > Class x > > drop > > Class class-default > > > > > > On 6/27/07, Vikas Sharma < [EMAIL PROTECTED]> wrote: > > > > > > Hi, > > > > > > How can I stop traffic originated from local router e.g. from loopback > > > interface of router to go any where? > > > > > > I tried with ACL but it permits the traffic as access-list only stop > > > traffic > > > passing through the router not originated from the router. > > > > > > ========= > > > access-list 101 deny ip host 192.168.5.254 any > > > access-list 101 permit any any > > > > > > ip access-group 101 out > > > ========= > > > > > > Using below conf i am able to achieve the objective. In that I have > > > changed > > > the sourse and destination. Thats correct. > > > > > > But I wanted to know can I achieve the same result using sourse as > > > loopback? > > > > > > working conf - > > > =========== > > > access-list 102 deny ip any host 192.168.5.254 > > > access-list 102 permit ip any any > > > > > > ip access-group 102 in > > > ============== > > > > > > > > > > > > THanks > > > Vikas Sharma > > > _______________________________________________ > > > cisco-nsp mailing list [email protected] > > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > > _______________________________________________ > > cisco-nsp mailing list [email protected] > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
