Hmmm. you could be right, sorry, haven't used anything else than 12K/7600 for years, so no chance to run 12.3T/12.4
Regards, Jeff _____ From: Ozgur Guler [mailto:[EMAIL PROTECTED] Sent: woensdag 27 juni 2007 15:23 To: [EMAIL PROTECTED] Cc: Vikas Sharma; [email protected] Subject: Re: [c-nsp] Prevent traffic originated from the router usingaccess-list You can... http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chap ter09186a00804559b3.html On 6/27/07, Jeff Tantsura <[EMAIL PROTECTED]> wrote: Bollocks, It does not. You can't set "drop" action within policy-map framework I don't need a lab for this. The working config would be: ip local policy route-map BLAH route-map BLAH match ip address 101 set interface null0 access-list 101 permit ip host 192.168.5.254 any access-list 101 deny any any _____ From: Ozgur Guler [mailto:[EMAIL PROTECTED] Sent: woensdag 27 juni 2007 14:22 To: [EMAIL PROTECTED] Cc: Vikas Sharma; [email protected] Subject: Re: [c-nsp] Prevent traffic originated from the router usingaccess-list It works. Just try it in the lab ... On 6/27/07, Jeff Tantsura < <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] > wrote: Hi, It's not going to work, you'd only match on transit traffic, in order to match on locally generated traffic you should use local PBR ie: ip local policy route-map BLAH Jeff > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:cisco-nsp- > [EMAIL PROTECTED] On Behalf Of Ozgur Guler > Sent: woensdag 27 juni 2007 13:55 > To: Vikas Sharma > Cc: [email protected] > Subject: Re: [c-nsp] Prevent traffic originated from the router > usingaccess-list > > You can drop the relevant traffic with a simple policy-map by applying it > to > an outgoing interface ... > > R2#sh policy-map > Policy Map X > Class x > drop > Class class-default > > > On 6/27/07, Vikas Sharma < [EMAIL PROTECTED]> wrote: > > > > Hi, > > > > How can I stop traffic originated from local router e.g. from loopback > > interface of router to go any where? > > > > I tried with ACL but it permits the traffic as access-list only stop > > traffic > > passing through the router not originated from the router. > > > > ========= > > access-list 101 deny ip host 192.168.5.254 any > > access-list 101 permit any any > > > > ip access-group 101 out > > ========= > > > > Using below conf i am able to achieve the objective. In that I have > > changed > > the sourse and destination. Thats correct. > > > > But I wanted to know can I achieve the same result using sourse as > > loopback? > > > > working conf - > > =========== > > access-list 102 deny ip any host 192.168.5.254 > > access-list 102 permit ip any any > > > > ip access-group 102 in > > ============== > > > > > > > > THanks > > Vikas Sharma > > _______________________________________________ > > cisco-nsp mailing list [email protected] > > https://puck.nether.net/mailman/listinfo/cisco-nsp <https://puck.nether.net/mailman/listinfo/cisco-nsp> > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
