Howdy,
I am trying to filter out RFC 1918 addresses as either source or destination addresses for my PPPoE-connected subscribers. Each subscriber has a RADIUS item 'Filter-Id' with the name of a filter, with the majority being 'customer_filter1', and it seems that although this is in fact being applied to the virtual-access interfaces per customer, it doesn't work as I expect since I can clearly see traffic from customer -> RFC 1918 address space still being forwarded.
Here's a sample 'sh ip interface' showing the filter being applied:

c7201-bras#sh ip interface virtual-access 190
Virtual-Access190 is up, line protocol is up
  Interface is unnumbered. Using address of Loopback0 (x.x.x.x)
  Broadcast address is 255.255.255.255
  Peer address is y.y.y.y
  MTU is 1492 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is customer_filter1
  Inbound access list is not set
  etc, etc

Here is the filter itself:

ip access-list extended customer_filter1
 deny ip host 0.0.0.0 any
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip 192.0.2.0 0.0.0.255 any
 deny ip 224.0.0.0 31.255.255.255 any
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip any host 0.0.0.0
 deny ip any 127.0.0.0 0.255.255.255
 deny ip any 192.0.2.0 0.0.0.255
 deny ip any 224.0.0.0 31.255.255.255
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.15.255.255
 deny ip any 192.168.0.0 0.0.255.255
 permit ip any any

Any ideas?

Mike-
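Added example, not part of the original post: a small Python model of first-match evaluation over the customer_filter1 entries quoted above, showing which packets an ACL bound only in the outgoing direction of a Virtual-Access interface is checked against. The interface name uplink0 and the sample addresses are constructed for illustration, and the model assumes plain routed forwarding with one ingress and one egress interface.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
# (base, wildcard) pairs taken from the customer_filter1 entries in the post
BOGONS = [("0.0.0.0", "0.0.0.0"), ("127.0.0.0", "0.255.255.255"),
          ("192.0.2.0", "0.0.0.255"), ("224.0.0.0", "31.255.255.255"),
          ("10.0.0.0", "0.255.255.255"), ("172.16.0.0", "0.15.255.255"),
          ("192.168.0.0", "0.0.255.255")]
# Same order as the post: bogon sources, bogon destinations, then permit any
CUSTOMER_FILTER1 = ([("deny", b, ANY) for b in BOGONS] +
                    [("deny", ANY, b) for b in BOGONS] +
                    [("permit", ANY, ANY)])

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_action(acl, src, dst):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, (sbase, swild), (dbase, dwild) in acl:
        if wildcard_match(src, sbase, swild) and wildcard_match(dst, dbase, dwild):
            return action
    return "deny"

def forwarded(src, dst, in_if, out_if, inbound, outbound):
    """inbound/outbound map an interface name to the ACL bound in that direction.
    An inbound ACL is checked on the ingress interface only, an outbound ACL
    on the egress interface only."""
    if in_if in inbound and acl_action(inbound[in_if], src, dst) == "deny":
        return False
    if out_if in outbound and acl_action(outbound[out_if], src, dst) == "deny":
        return False
    return True

VA = "Virtual-Access190"        # interface from the post
UPLINK = "uplink0"              # hypothetical upstream interface
SUB = "198.51.100.10"           # constructed subscriber address
AS_SHOWN = dict(inbound={}, outbound={VA: CUSTOMER_FILTER1})    # per 'sh ip interface'
BOUND_IN = dict(inbound={VA: CUSTOMER_FILTER1}, outbound={})    # same ACL, inbound

if __name__ == "__main__":
    # subscriber -> RFC 1918: enters on VA, leaves on the uplink
    print("as shown:", forwarded(SUB, "10.1.2.3", VA, UPLINK, **AS_SHOWN))
    print("inbound :", forwarded(SUB, "10.1.2.3", VA, UPLINK, **BOUND_IN))
    # RFC 1918 -> subscriber: enters on the uplink, leaves on VA
    print("to sub  :", forwarded("10.1.2.3", SUB, UPLINK, VA, **AS_SHOWN))
```

In this model the ACL itself denies subscriber -> 10.1.2.3, but with the binding shown in the post that packet never reaches the outgoing check on Virtual-Access190; only traffic leaving toward the subscriber does.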
