I think the easiest way would be to actually create a new ACL on the router, and then change the user's RADIUS profile to use that ACL...
Arie -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Gert Doering Sent: Tuesday, December 11, 2012 12:48 To: Mike Cc: 'Cisco-nsp' Subject: Re: [c-nsp] DDoS help please Hi, On Tue, Dec 11, 2012 at 11:19:08AM -0800, Mike wrote: > 53 except to/from my servers. I don't want to cut/paste and create a > new access list for this customer, I just want to be able to add some > additional rules on top of the default filter set. Surely there has to > be a way to do this? Not easily, as IOS only supports a single ingress and a single egress ACL per interface, and you can't "include" other ACLs. You might trick this by using an *ingress* ACL on the LAN port of your 7201 to drop that particular traffic, or by using QoS to policy these packets down to 1kbit/s... (you can have QoS policies in addition to an egress ACL). gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [email protected] fax: +49-89-35655025 [email protected] _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
