 ! applies if the traffic matches class LIMIT-CLASS
 police rate 64000 bps
class class-default
 ! applies if the traffic does not match class LIMIT-CLASS
 police rate 512000 bps
 exit
exit
Cont'd

exit
control-plane host
 service-policy input LIMIT-POLICY
show policy-map control-plane host
13 - iACLs

Control Plane Policing (CoPP) is a Cisco IOS-wide feature designed to allow users to manage the flow of traffic handled by the route processor of their network devices. CPPr protects the control and management planes of a Cisco IOS device, which maintains routing stability, network reachability, and packet delivery. ... QoS control for packets that are destined to the control plane of Cisco routers.
Cont'd

iACLs (infrastructure access control lists):
  • Anti-spoofing.
  • Deny special-purpose addresses (deny anything sent to a reserved, loopback or broadcast address, ...).
  • Deny private IP addresses coming from the Internet (filtering RFC 3330 and RFC 1918).
  • Deny traffic that comes from outside with a source address in our inside network.
  • Allow BGP communication between two specific hosts.
An iACL focuses on what we deny; at the end it has an explicit permit.
Cont'd

tACL (transit ACL): it focuses on what we permit; at the end it has an explicit deny.
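The difference between the two list styles can be seen by running packets through a first-match evaluator. This is an added example, not code from the slides; the rule order follows the iACL list above, and all addresses (198.51.100.0/24 as the inside network, 192.0.2.1 and 192.0.2.2 as the BGP peers, the web server in the tACL) are constructed for illustration.

```python
import ipaddress

ANY = "0.0.0.0/0"
# Entry layout: (action, protocol, source, destination, destination port or None).
# Constructed addresses: 198.51.100.0/24 is "our inside network",
# 192.0.2.1 and 192.0.2.2 are the two BGP speakers.
IACL = [
    ("deny",   "ip",  "127.0.0.0/8",     ANY, None),  # special-purpose: loopback
    ("deny",   "ip",  "0.0.0.0/8",       ANY, None),  # special-purpose: "this network"
    ("deny",   "ip",  "10.0.0.0/8",      ANY, None),  # RFC 1918
    ("deny",   "ip",  "172.16.0.0/12",   ANY, None),  # RFC 1918
    ("deny",   "ip",  "192.168.0.0/16",  ANY, None),  # RFC 1918
    ("deny",   "ip",  "198.51.100.0/24", ANY, None),  # our own prefix arriving from outside
    ("permit", "tcp", "192.0.2.1/32", "192.0.2.2/32", 179),  # BGP between two hosts
    ("permit", "ip",  ANY, ANY, None),                # explicit permit at the end
]
TACL = [
    ("permit", "tcp", ANY, "198.51.100.10/32", 443),  # only what we choose to allow
    ("deny",   "ip",  ANY, ANY, None),                # explicit deny at the end
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, index) of the first matching entry.

    If nothing matches, the implicit deny applies and index is None.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, p, snet, dnet, port) in enumerate(acl):
        if (p in ("ip", proto)
                and s in ipaddress.ip_network(snet)
                and d in ipaddress.ip_network(dnet)
                and (port is None or port == dport)):
            return action, i
    return "deny", None  # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Constructed packets: spoofed RFC 1918 source, spoofed inside source,
    # the BGP session, and ordinary transit traffic.
    for pkt in [("tcp", "10.1.1.1", "198.51.100.10", 443),
                ("tcp", "198.51.100.7", "198.51.100.10", 80),
                ("tcp", "192.0.2.1", "192.0.2.2", 179),
                ("udp", "203.0.113.5", "198.51.100.10", 53)]:
        print(pkt, "iACL:", evaluate(IACL, *pkt), "tACL:", evaluate(TACL, *pkt))
```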
13-07 Controlling the IPv4 Data-plane with ACLs

  • An access list is like a bodyguard.
  • An outbound ACL with deny ip any any does not stop router-generated traffic; it stops transit traffic.
  • At the end of every ACL there is an implicit deny.

The way I understand Implicit Allow/Deny is that these rights/permissions are inherited by a subject that is placed in a group. Then with Explicit Allow/Deny this is when rights/permissions are assigned/removed to a subject.
Cont'd

Two types of ACL:
  • Standard: matches on the layer 3 source address.
  • Extended: matches layer 3 and 4 source and destination addresses.
14 - uRPF

Unicast Reverse Path Forwarding (uRPF): uRPF is a security feature that prevents these spoofing attacks. Whenever your router receives an IP packet, it checks whether it has a matching entry in the routing table for the source IP address. It must be implemented on the router's forwarding interface.
Cont'd

uRPF modes
  • Strict: if the source address isn't reachable on the interface the packet came in on, drop it. If we have five equal-cost routes over five interfaces and implement uRPF on only one of them, uRPF fails in this case. Traffic from 50.50.x.x comes in on interface 1, but traffic to 50.50.x.x is routed out interface 3; in this case uRPF fails.
  • Loose

Options
  • Allow self ping (by default, self ping is disabled in uRPF)
  • Allow default route (by default, the default route is disabled in uRPF)
  • ACL DF
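The strict and loose checks, including the asymmetric 50.50.x.x case and the default-route option described above, can be modelled in a few lines. This is an added example, not code from the slides; the routing table, interface names (if1, if2, if3) and function names are constructed for illustration, and equal-cost multipath is deliberately left out.

```python
import ipaddress

# Constructed routing table: (prefix, interface used to reach it).
ROUTES = [
    ("50.50.0.0/16", "if3"),  # return path to 50.50.x.x leaves via interface 3
    ("10.1.0.0/16", "if1"),
    ("0.0.0.0/0", "if2"),     # default route
]

def best_route(src, routes=ROUTES):
    """Longest-prefix match on the packet's source address."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def urpf_accepts(src, in_if, mode, allow_default=False, routes=ROUTES):
    """Return True if the packet passes the uRPF check, False if it is dropped."""
    route = best_route(src, routes)
    if route is None:
        return False                # no route back to the source at all
    net, out_if = route
    if net.prefixlen == 0 and not allow_default:
        return False                # default route does not count unless allowed
    if mode == "strict":
        return out_if == in_if      # source must be reachable via the receiving interface
    if mode == "loose":
        return True                 # reachable via any interface is enough
    raise ValueError("mode must be 'strict' or 'loose'")

if __name__ == "__main__":
    # Constructed packets: (source address, receiving interface).
    for src, in_if in [("50.50.1.1", "if1"), ("50.50.1.1", "if3"),
                       ("10.1.2.3", "if1"), ("203.0.113.9", "if2")]:
        print(src, in_if,
              "strict:", urpf_accepts(src, in_if, "strict"),
              "loose:", urpf_accepts(src, in_if, "loose"),
              "loose+allow-default:", urpf_accepts(src, in_if, "loose", True))
```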
Cont'd

I am configuring uRPF in loose mode. I want to make sure the router can reach the source of any IP packet received on interface fa0/0 using any interface on the router.
Cont'd

Enable loose mode, with the exception of the keyword rx