Policy Based Routing Traffic Filtering


As part of the security team you are always looking for ways to improve security within the company. You want to get rid of all the local vty/console logins within your network so you decide to implement some AAA security.


  • All IP addresses have been configured for you, look at the topology picture for the IP addresses.
  • OSPF has been preconfigured for you on all routers.
  • Configure router Mirror so all ICMP traffic from network /24 larger than 150 bytes will be dropped.
  • You are not allowed to apply any access-list on the interfaces.


Policy Based Route Filtering

Video Solution:

Configuration Files

You need to register to download the GNS3 topology file. (Registration is free!)

Once you are logged in you will find the configuration files right here.

Opt In Image
Do you want your CCNA or CCNP Certificate?

The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.

Written by René Molenaar - CCIE #41726

You May Also Like

About the Author: Rene Molenaar

René - CCIE #41726 is the creator of GNS3Vault.com where he shares CCNA, CCNP and CCIE R&S labs. He also blogs about networking on http://networklessons.com


  1. You can use a class map to match ICMP traffic, policy map to drop the traffic, and assign the service policy to the interface. Technically the ACL is not applied to interface, the service policy is.

    class-map match-all Block-ICM
    match protocol icmp
    match packet length min 151
    match access-group 101
    policy-map Block_ICMP
    class Block-ICM
    access-list 101 permit icmp any

    1. Hi Steve Occh, Your config is correct if only you are able to use access-list. The criteria staes that you are not allowed to use an access-list. Cheers

  2. I used route-map to achieve the goal:

    interface FastEthernet1/0
    ip address
    ip policy route-map ICMP
    duplex auto
    speed auto
    route-map ICMP permit 10
    match length 151 2147483647
    set interface Null0

Comments are closed.