Cisco Cisco IOS Software Release 12.4(2)T

ACL Support for Filtering on TTL Value

Configuration Examples for Filtering on TTL Value
This section contains the following configuration examples:
Filtering on TTL Value: Example
The following access list filters IP packets containing type of service (ToS) level 3 with TTL values 10 
and 20. It also filters IP packets with a TTL greater than 154 and applies that rule to noninitial fragments. 
It permits IP packets with a precedence level of flash and a TTL not equal to 1, and it sends log messages 
about such packets to the console. All other packets are denied.
ip access-list extended incomingfilter
 deny ip any any tos 3 ttl eq 10 20
 deny ip any any ttl gt 154 fragments
 permit ip any any precedence flash ttl neq 1 log
!
interface ethernet 0
 ip access-group incomingfilter in
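
Access list entries are evaluated top-down and the first matching entry decides the outcome. The following Python model is an added example, not Cisco code: it replays the three incomingfilter entries over constructed packets to show which entry decides each one. The Packet class, its field names, and evaluate() are assumptions for illustration, and header fields are taken as already decoded.

```python
# Added example: first-match evaluation of the "incomingfilter" entries.
# Packet fields are assumed to be already decoded from the IP header.
from dataclasses import dataclass

FLASH = 3  # IP precedence value for "flash"


@dataclass
class Packet:
    ttl: int
    tos: int = 0                       # ToS level (0-15)
    precedence: int = 0                # IP precedence (0-7)
    noninitial_fragment: bool = False


# (action, predicate, log), in the order the entries appear in the access list
ENTRIES = [
    ("deny", lambda p: p.tos == 3 and p.ttl in (10, 20), False),
    ("deny", lambda p: p.ttl > 154 and p.noninitial_fragment, False),
    ("permit", lambda p: p.precedence == FLASH and p.ttl != 1, True),
]


def evaluate(pkt):
    """Return (action, entry_number, logged); entry 0 is the final deny."""
    for number, (action, matches, log) in enumerate(ENTRIES, start=1):
        if matches(pkt):
            return action, number, log
    return "deny", 0, False


# Constructed sample packets (not captured traffic)
SAMPLES = {
    "flash, ttl 64": Packet(ttl=64, precedence=FLASH),
    "flash, tos 3, ttl 10": Packet(ttl=10, tos=3, precedence=FLASH),
    "flash, ttl 200, noninitial fragment":
        Packet(ttl=200, precedence=FLASH, noninitial_fragment=True),
    "flash, ttl 200, unfragmented": Packet(ttl=200, precedence=FLASH),
    "flash, ttl 1": Packet(ttl=1, precedence=FLASH),
    "routine, ttl 64": Packet(ttl=64),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        action, entry, logged = evaluate(pkt)
        where = f"entry {entry}" if entry else "all other packets"
        print(f"{name:38} {action:6} ({where}){' log' if logged else ''}")
```

Note that an unfragmented flash packet with a TTL of 200 is permitted: the second entry carries the fragments keyword, so it does not match packets that are not noninitial fragments.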
Control Plane Policing to Filter on TTL Values 0 and 1: Example
The following example configures a traffic class called acl-filter-class for use in a policy map called 
acl-filter. An access list permits IP packets from any source having a TTL of 0 or 1. Any packets 
matching the access list are dropped. The policy map is attached to the control plane.
ip access-list extended ttlfilter
 permit ip any any ttl eq 0 1
class-map acl-filter-class
 match access-group name ttlfilter
policy-map acl-filter
 class acl-filter-class
  drop
control-plane
 service-policy input acl-filter

Step 15
Command or Action: control-plane
Example: Router(config)# control-plane
Purpose: Associates or modifies attributes or parameters that are associated with the control plane of the device.

Step 16
Command or Action: service-policy {input | output} policy-map-name
Example: Router(config-cp)# service-policy input acl-filter
Purpose: Attaches a policy map to a control plane for aggregate control plane services.