General Network Management

 View Only

 Trying to create antispoofing - BCP 38

alexandre bernardi's profile image
alexandre bernardi posted 03-28-2022 08:18
Hi,

I'm trying to create a antispoofing rule like for BCP  38 but it's not working, could someone help me?

Police: ipcorpantispoof.pol

entry IPcorporativo { if { source-address x.x.x.x/22; } then {permit;}}
entry IPcorporativo1 { if { source-address x.x.x.x/22; } then {permit;}}
entry IPcorporativo2 { if { source-address x.x.x.x/24; } then {permit;}}
Entry Deny-TheRest { If {source-address 0.0.0.0/0;} then {deny;}}

1 - configure access-list ipcorpantispoof ports 4:18 ingress 
2 - port 4:18 is a LAG
3 - I already tried to create the rule in the CPE and at CP (changing do ingress and egress but no success).

Regards,
Alexandre
alexandre bernardi's profile image
alexandre bernardi
Anyone can help?