Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1024
Views
0
Helpful
4
Replies

IP blocking using route to Null0

Go to solution
Eivinas
Level 1
Level 1

‎01-30-2019 11:27 PM - edited ‎03-05-2019 11:13 AM

As for security reasons we are blocking IP addresses by giving them IP route to Null on our main router WS-C6506-E.

As static route list is expanding on router I am wondering how many of static routes to Null can handle WS-C6506-E router and how strongly those routes effecting routing process? 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎01-31-2019 12:58 AM

Hello,

 

I think you can use use the command:

 

show mls cef maximum-routes

 

to display the maximum IPv4 routes...

 

That said, how exactly are you using the null routes ? Would an access list not be a better alternative ?

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎01-31-2019 12:00 AM

Hi,
Which is your SUP?

Regards,
Deepak Kumar
Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Go to solution
Eivinas
Level 1
Level 1
In response to Deepak Kumar

‎01-31-2019 01:17 AM

Supervisor Engine 720 10GE (Active) VS-S720-10G .
And Georg is right show mls cef maximum-routes displays maximum routes.
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎01-31-2019 12:58 AM

Hello,

 

I think you can use use the command:

 

show mls cef maximum-routes

 

to display the maximum IPv4 routes...

 

That said, how exactly are you using the null routes ? Would an access list not be a better alternative ?

0 Helpful

Go to solution
Eivinas
Level 1
Level 1
In response to Georg Pauwen

‎01-31-2019 01:23 AM

Thank you that command gives what I need. Well yes we are using access-list, but it were implemented long time ago, and I am about to rewrite it to make it more efficient.
Well we have honey pots, that are detecting ip addresses that scans our network, or acting suspicious. And those IP as directed to Null0.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card