Cisco OL-4015-08 Manual de usuario descargar pdf (Pagina 131)

100

101

483

Cross-Platform Release Notes for Cisco IOS Release 12.0S

OL-1617-14 Rev. Q0

Caveats

Resolved Caveats—Cisco IOS Release 12.0(32)S15

!--- to the device control plane.

access-list 150 permit udp any any eq 123

!--- Permit (Police or Drop)/Deny (Allow) all other Layer3 and

!--- Layer4 traffic in accordance with existing security policies

!--- and configurations for traffic that is authorized to be sent

!--- to infrastructure devices

!--- Create a Class-Map for traffic to be policed by

!--- the CoPP feature

class-map match-all drop-udp-class

match access-group 150

!--- Create a Policy-Map that will be applied to the

!--- Control-Plane of the device.

policy-map drop-udp-traffic

class drop-udp-class

drop

!--- Apply the Policy-Map to the

!--- Control-Plane of the device

control-plane

service-policy input drop-udp-traffic

In the above CoPP example, the access control list entries (ACEs) that match the potential exploit

packets with the “permit” action result in these packets being discarded by the policy-map “drop”

function, while packets that match the “deny” action (not shown) are not affected by the policy-map

drop function.

- Rate Limiting the traffic to the device The CoPP example below could be included as part of the

deployed CoPP, which will help protect targeted devices from processing large amounts of NTP

traffic.

Warning: If the rate-limits are exceeded valid NTP traffic may also be dropped.

!--- Feature: Network Time Protocol (NTP)

access-list 150 permit udp any any eq 123

!--- Create a Class-Map for traffic to be policed by

!--- the CoPP feature

class-map match-all rate-udp-class

match access-group 150

1 2 ... 126 127 128 129 130 131 132 133 134 135 136 ... 677 678

Comentarios a estos manuales

Sin comentarios

Cisco OL-4015-08 Manual de usuario Pagina 131

Comentarios a estos manuales

Relacionado con productos y manuales para Redes Cisco OL-4015-08