Policy Based Routing Traffic Filtering

Written by Rene Molenaar on 04 October 2011. Posted in Security

Scenario:

As part of the security team you are always looking for ways to improve security within the company. You want to get rid of all the local vty/console logins within your network so you decide to implement some AAA security.

Goal:

All IP addresses have been configured for you, look at the topology picture for the IP addresses.
OSPF has been preconfigured for you on all routers.
Configure router Mirror so all ICMP traffic from network 3.3.3.0 /24 larger than 150 bytes will be dropped.
You are not allowed to apply any access-list on the interfaces.

Topology:

Policy Based Route Filtering

Video Solution:

You need to register to download the GNS3 Topology File. (Registration is Free!)

Related Articles: ICND1 Assesment Lab
Static Routing Beginners Lab
BGP Basic
ICND2 Assessment Lab
GRE Tunnel Basic

Only registered users can write comments!

Comments (1)

SteveOcchO86
2011-11-20 21:49:05

You can use a class map to match ICMP traffic, policy map to drop the traffic, and assign the service policy to the interface. Technically the ACL is not applied to interface, the service policy is.

class-map match-all Block-ICM
match protocol icmp
match packet length min 151
match access-group 101
!
!
policy-map Block_ICMP
class Block-ICM
drop
!
access-list 101 permit icmp 3.3.3.0 0.0.0.255 any

Master CCNA

Master CCNP SWITCH

Master CCNP ROUTE