nsp at rhanssen
Apr 19, 2012, 7:21 AM
Post #2 of 2
Sorry, wrong list, should go to foundry-nsp ;)
Re: Protecting MLX/XMR MP against attacks with IP Receive ACLs / extended ACL behaviour
[In reply to]
> this week we had an attack directly against one of our XMR (UDP packets to
> a transfer network IP).
> I was looking for an CoPP-equivalant and found the "IP Receive ACLs"
> In sample case of "I block all UDP and allow everthing else" I would use
> that config here according to the manual:
> access-list 101 remark BLOCK_UDP
> access-list 101 deny udp any any
> access-list 102 remark ALLOW_ANYTHING_ELSE
> access-list 102 permit ip any any
> ip receive access-list 101 sequence 5
> ip receive access-list 102 sequence 10
> Manual says that default policy is "deny ip any any" (applied after last
> I am wondering what exactly is matched by "ip" because other protocols are
> not mentioned.
> Is "ip" an equivalent for "ipv4" or more some kind of "any" in an extended
> access list ?
> Does the above config work or do I need a standard access list like
> "access-list 50 permit any" at the end ?
> Does anybody maybe already have a "known to work"-config for 0815 usage
> (BGP, OSPF, VRRP) ?
> kind regards
> cisco-nsp mailing list cisco-nsp [at] puck
> archive at http://puck.nether.net/pipermail/cisco-nsp/
cisco-nsp mailing list cisco-nsp [at] puck
archive at http://puck.nether.net/pipermail/cisco-nsp/