Cisco Cisco IOS Software Release 12.4(2)T
ACL Support for Filtering on TTL Value
Configuration Examples for Filtering on TTL Value
7
Cisco IOS Release 12.4(2)T
Configuration Examples for Filtering on TTL Value
This section contains the following configuration examples:
•
•
Filtering on TTL Value: Example
The following access list filters IP packets containing type of service (ToS) level 3 with TTL values 10
and 20. It also filters IP packets with a TTL greater than 154 and applies that rule to noninitial fragments.
It permits IP packets with a precedence level of flash and a TTL not equal to 1, and it sends log messages
about such packets to the console. All other packets are denied.
and 20. It also filters IP packets with a TTL greater than 154 and applies that rule to noninitial fragments.
It permits IP packets with a precedence level of flash and a TTL not equal to 1, and it sends log messages
about such packets to the console. All other packets are denied.
ip access-list extended incomingfilter
deny ip any any tos 3 ttl eq 10 20
deny ip any any ttl gt 154 fragments
permit ip any any precedence flash ttl neq 1 log
!
interface ethernet 0
ip access-group incomingfilter in
Control Plane Policing to Filter on TTL Values 0 and 1: Example
The following example configures a traffic class called acl-filter-class for use in a policy map called
acl-filter. An access list permits IP packets from any source having a TTL of 0 or 1. Any packets
matching the access list are dropped. The policy map is attached to the control plane.
acl-filter. An access list permits IP packets from any source having a TTL of 0 or 1. Any packets
matching the access list are dropped. The policy map is attached to the control plane.
ip access-list extended ttlfilter
permit ip any any ttl eq 0 1
class-map acl-filter-class
match access-group name ttlfilter
policy-map acl-filter
class acl-filter-class
drop
control-plane
service-policy input acl-filter
Step 15
control-plane
Example:
Router(config)# control-plane
Associates or modifies attributes or parameters that are
associated with the control plane of the device.
associated with the control plane of the device.
Step 16
service-policy
{input | output} policy-map-name
Example:
Router(config-cp)# service-policy input
acl-filter
Attaches a policy map to a control plane for aggregate
control plane services.
control plane services.
Command or Action
Purpose