I would like to use a policy map and ACL to stop all Code Red from entering my network on my 3640 router. I have 4 serial ports and 2 Fast Ethernet ports. The serial ports are connected to 2 different ISPs (2 T-1s per ISP). From some of the things that I have read, I would need to use CEF to accomplish this. Is that a true statement, or can I use fast-packet switching instead? My 1 ISP does not support CEF.
You need to configure NBAR to block Code Red. NBAR will not work since it requires CEF, so you have to enable CEF on the router. CEF is a switching mechanism and it does not matter whether your ISP supports it or not. I am sending you a link from the CCO which talks about configuring NBAR for Code Red and I would recommend using Method C from the config. Hope this helps. http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml
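
A sketch of the approach the reply describes, added here as an example and not part of the original reply or copied from the linked document: CEF is enabled locally, NBAR classifies HTTP requests by URL, and a policy on the ISP-facing serial interfaces drops the matches. The class and policy names and the interface numbers are assumptions, and the URL patterns are ones commonly associated with Code Red and its variants.

```cisco
! Added example. Names (http-hacks, drop-inbound-http-hacks) and
! interface numbers are assumptions; adjust to the actual router.
!
! CEF is a local switching mode and is required by NBAR.
! It does not need any support from the upstream ISP.
ip cef
!
! Classify inbound HTTP requests whose URL matches any of the patterns.
class-map match-any http-hacks
 match protocol http url "*default.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
!
! Drop everything in the class by policing with all actions set to drop.
policy-map drop-inbound-http-hacks
 class http-hacks
  police 1000000 31250 31250 conform-action drop exceed-action drop violate-action drop
!
! Apply inbound on each ISP-facing serial interface (four in this setup).
interface Serial0/0
 service-policy input drop-inbound-http-hacks
interface Serial0/1
 service-policy input drop-inbound-http-hacks
interface Serial1/0
 service-policy input drop-inbound-http-hacks
interface Serial1/1
 service-policy input drop-inbound-http-hacks
!
! Check the match and drop counters with:
!  show policy-map interface Serial0/0
```

Because the match happens on the URL in the HTTP request, the TCP handshake from an infected host still completes before the request is dropped, so affected web servers still need to be patched.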