Solved: Re: IP blocking using route to Null0

Eivinas · ‎01-30-2019

As for security reasons we are blocking IP addresses by giving them IP route to Null on our main router WS-C6506-E.

As static route list is expanding on router I am wondering how many of static routes to Null can handle WS-C6506-E router and how strongly those routes effecting routing process?

Georg Pauwen · ‎01-31-2019

Hello,

I think you can use use the command:

show mls cef maximum-routes

to display the maximum IPv4 routes...

That said, how exactly are you using the null routes ? Would an access list not be a better alternative ?

View solution in original post

Deepak Kumar · ‎01-31-2019

Hi,
Which is your SUP?

Regards,
Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Eivinas · ‎01-31-2019

Supervisor Engine 720 10GE (Active) VS-S720-10G .
And Georg is right show mls cef maximum-routes displays maximum routes.

Georg Pauwen · ‎01-31-2019

Hello,

I think you can use use the command:

show mls cef maximum-routes

to display the maximum IPv4 routes...

That said, how exactly are you using the null routes ? Would an access list not be a better alternative ?

Eivinas · ‎01-31-2019

Thank you that command gives what I need. Well yes we are using access-list, but it were implemented long time ago, and I am about to rewrite it to make it more efficient.
Well we have honey pots, that are detecting ip addresses that scans our network, or acting suspicious. And those IP as directed to Null0.