Cisco 7600-ES20-GE3CXL-RF - Ethernet Services 20G Line Card Switch User Manual Page 50

Caveats for Cisco IOS Release 12.2(33)SRD through 12.2(33)SRD8
OL-10394-05 Rev. R0
access-list 111 deny udp host 192.168.100.1 any eq 2067
access-list 111 deny 91 host 192.168.100.1 any
!--- Permit all other DLSw traffic sent to all IP addresses
!--- configured on all interfaces of the affected device so that it
!--- will be policed and dropped by the CoPP feature.
access-list 111 permit udp any any eq 2067
access-list 111 permit 91 any any
!--- Permit (Police or Drop)/Deny (Allow) all other Layer 3 and Layer 4
!--- traffic in accordance with existing security policies and
!--- configurations for traffic that is authorized to be sent
!--- to infrastructure devices.
!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature.
class-map match-all drop-DLSw-class
 match access-group 111
!--- Create a Policy-Map that will be applied to the
!--- Control-Plane of the device.
policy-map drop-DLSw-traffic
 class drop-DLSw-class
  drop
!--- Apply the Policy-Map to the Control-Plane of the
!--- device.
control-plane
 service-policy input drop-DLSw-traffic
In the above CoPP example, the access control entries (ACEs) that match the potential exploit
packets with the “permit” action result in these packets being discarded by the policy-map “drop”
function, while packets that match the “deny” action (not shown) are not affected by the policy-map
drop function. Please note that in the Cisco IOS 12.2S and 12.0S trains, the policy-map syntax is
different:
policy-map drop-DLSw-traffic
 class drop-DLSw-class
  police 32000 1500 1500 conform-action drop exceed-action drop
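The permit/deny inversion described above can be checked with a small first-match model of the access-list 111 entries visible on this page. This is an added example, not part of the Cisco document; the source address 203.0.113.9 and the sample packets are constructed, and ACL lines from earlier pages are not modeled.

```python
# Added illustration: models only the access-list 111 lines shown on this page.
from dataclasses import dataclass
from typing import Optional

UDP = 17                   # IP protocol number for UDP
DLSW_IP_PROTO = 91         # matched by the page's "deny 91" / "permit 91" entries
DLSW_UDP_PORT = 2067       # matched by the page's "eq 2067" entries
TRUSTED = "192.168.100.1"  # trusted host address used in the page's example

@dataclass(frozen=True)
class Ace:
    action: str            # "permit" or "deny"
    proto: int
    src: Optional[str]     # None means "any"
    dport: Optional[int]   # None means no port qualifier

# Entries in page order; evaluation is first match wins, destination is "any".
ACL_111 = [
    Ace("deny", UDP, TRUSTED, DLSW_UDP_PORT),
    Ace("deny", DLSW_IP_PROTO, TRUSTED, None),
    Ace("permit", UDP, None, DLSW_UDP_PORT),
    Ace("permit", DLSW_IP_PROTO, None, None),
]

def acl_action(acl, proto, src, dport=None):
    """Return the action of the first matching ACE, else the implicit deny."""
    for ace in acl:
        if (ace.proto == proto
                and ace.src in (None, src)
                and ace.dport in (None, dport)):
            return ace.action
    return "deny"

def copp_verdict(proto, src, dport=None):
    """ACL permit -> packet joins drop-DLSw-class -> dropped by the policy-map.
    ACL deny (explicit or implicit) -> class does not match -> not affected."""
    hit = acl_action(ACL_111, proto, src, dport)
    return "dropped" if hit == "permit" else "not affected"

if __name__ == "__main__":
    # Constructed sample packets: (description, protocol, source, dest port)
    samples = [
        ("DLSw UDP from trusted host", UDP, TRUSTED, 2067),
        ("DLSw UDP from other host", UDP, "203.0.113.9", 2067),
        ("IP proto 91 from other host", DLSW_IP_PROTO, "203.0.113.9", None),
        ("UDP/161 from other host", UDP, "203.0.113.9", 161),
    ]
    for desc, proto, src, dport in samples:
        print(f"{desc:30} -> {copp_verdict(proto, src, dport)}")
```

Entry order matters: moving a trusted-host "deny" line below the matching "permit any any" line would cause that host's traffic to be dropped as well.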
Additional information on the configuration and use of the CoPP feature is available at:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd804fa16a.html
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html