
Problem with route-map command for Nachi and IOS

jeff
Level 1

I have a Cisco 7507 router with IOS 12.2(8)T4 for our network that will replace a 7206. The router is used on our network border to our Internet carrier. I duplicated the configuration from our working and existing 7206. The configuration included route-map statements (see below) to stop the Nachi virus from the Internet. When I have the route-map policy for Nachi configured on the 7507 we have problems with some upper layer apps, such as ehello in sendmail, NNTP and DNS synchronization. When the policy is removed all works fine. I tried another version of the IOS on the 7507, 12.2(8)T10 with the same problem. I can try an even newer version of the IOS but does anyone know of an issue with the route-map policy (for Nachi) on the 7500 IOS?

route-map nachi-worm permit 10
 match ip address 110
 match length 92 92
 set interface Null0

interface Serial6/0/0
 description ***Internet***
 ip address 255.255.255.252
 encapsulation ppp
 ip route-cache flow
 no ip mroute-cache
 ip policy route-map nachi-worm
 serial restart_delay 0
 no cdp enable

Thanks for any help.

Jeff

1 Reply

vmoopeung
Level 5

This might be because of a bug, "CSCdp83614", in the IOS for 7507 prior to 12.1. It says the length used in the "match length" command has to match the IP length + Ethernet header (14 octets). So if you want to match an IP packet with a length of 92 bytes, you should configure:

"match length 106 106"

Try this out and check whether it works.

Check in the Bug Toolkit for more information.
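
The length arithmetic from the reply above, as an added example that is not part of the original thread: it applies the route-map's test (ICMP echo or echo-reply with an IP length of 92) to constructed packets and reports the length once the 14-octet Ethernet header is counted. It assumes access list 110, which the post does not show, permits ICMP echo and echo-reply; the function names, addresses and payloads are constructed for illustration.

```python
import struct

ETHERNET_HEADER_LEN = 14   # octets, the value cited in the reply
NACHI_IP_LEN = 92          # the length the posted route-map matches


def build_packet(payload: bytes, proto: int = 1, icmp_type: int = 8) -> bytes:
    """Build a constructed IPv4 packet with an 8-byte ICMP-style header.

    Checksums are left at zero; addresses are documentation ranges.
    """
    total_len = 20 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    l4 = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
    return ip + l4 + payload


def classify(packet: bytes) -> dict:
    """Apply the route-map's test: ICMP echo/echo-reply (assumed ACL 110)
    and an IP total length of exactly 92."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                  # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    is_echo = proto == 1 and len(packet) > ihl and packet[ihl] in (0, 8)
    return {
        "ip_length": total_len,
        # What "match length" would have to be set to if the platform
        # counts the Ethernet header, as the reply describes.
        "frame_length": total_len + ETHERNET_HEADER_LEN,
        "matches_route_map": is_echo and total_len == NACHI_IP_LEN,
    }


if __name__ == "__main__":
    samples = {
        "92-byte ICMP echo (constructed)": build_packet(b"\xaa" * 64),
        "84-byte ICMP echo (constructed)": build_packet(b"\x00" * 56),
        "92-byte non-ICMP (constructed)": build_packet(b"\x00" * 64, proto=6),
    }
    for name, pkt in samples.items():
        print(name, classify(pkt))
```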