Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco 3560 TTL Policy

Posted on 2012-03-31
13
Medium Priority
?
256 Views
Last Modified: 2013-04-29
Is there any way to block a trafic from access list depending on ttl  ?
0
Comment
Question by:3XLcom
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37791755
0
 

Author Comment

by:3XLcom
ID: 37791784
Yes but 3560 does not have a feature as this :


Cisco.xxx.xxx.xx(config-ext-nacl)#deny ip any any ?
  dscp        Match packets with given dscp value
  fragments   Check non-initial fragments
  log         Log matches against this entry
  log-input   Log matches against this entry, including input interface
  option      Match packets with given IP Options value
  precedence  Match packets with given precedence value
  time-range  Specify a time-range
  tos         Match packets with given TOS value
  <cr>

Open in new window


Is there any way to block specific byte of packeges for ex. 68 byte
or ttl is 117
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37791837
What IOS version do you have?
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 

Author Comment

by:3XLcom
ID: 37791868
ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37791893
Ah, this option is available from version 12.4(2)T
:-~
0
 

Author Comment

by:3XLcom
ID: 37791902
where should i download it
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37791906
Well, from Cisco. But you need to have a valid smartnet support for that (so you can log in and get to the downloads).
0
 

Author Comment

by:3XLcom
ID: 37791926
I have checked from here :
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp 
there is no supported 12.4 version for 3560
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 2000 total points
ID: 37791938
Ok, let me rephrase a previous comment.

This option is available from version 12.4(2)T or higher. So anything above 12.4 should have it (I think I saw a 15.0 version).
0
 

Author Comment

by:3XLcom
ID: 37791940
Just SE versions support cat 3560 15.0 is not have a support for ipv4 ttl access list
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37791991
I'm afraid you're right :(

Is there any specific reason you want to filter on these properties?
0
 

Author Comment

by:3XLcom
ID: 37792006
Sometimes there comes botnet attacks with 200k + packets all of them has same TTL values.
that cause the fulling of sessions on my firewall so all my network locking

At this time i want to block the TTL values.
I am using Juniper SSG sery transparently after my router .
But as fas as i know it does not have a value to block TTL

I decide to put sth. like mikrotik between juniper and cisco but this time it is locking :D

So the only way the buying a citrix with 30k $ or find a way to block on Cisco

Do you have any alternative idea depending on blocking this type of packages

http://www.experts-exchange.com/Networking/Protocols/Transport/TCP-IP/Q_27657169.html
0
 

Author Closing Comment

by:3XLcom
ID: 39120298
Sorry for late acception
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question