Re: 92 Byte ICMP Blocking Problem
Steve Carter said:
I believe it to be true that all policy route traffic is processor
switched rather than CEF on the 75xx platform. If so, the 75xx might
not be handling all it's being asked to and dropping stuff in a
non-deterministic way.
In my experience you can do the 92 byte blocking on 75's with dCEF
provided you are *very* careful about exactly what policy based routes
you set up ...

Try the following:

On the interfaces make sure you have:

    ip route-cache policy

Then apply your PBR to the inbound interface:

    ip policy route-map block92

which looks like:

    route-map block92 permit 10
     match ip address 121
     match length 92 92
     set interface Null0
    route-map block92 permit 20

With access-list 121 looking like

    access-list 121 permit icmp any any echo

The route-map is extremely critical because some can be done in dCEF
and some can't - and you must have the extra permit as well (sorry if
I'm teaching grandma to suck eggs) but this seems to work for us
(12.2.15T5).

Be sure to check the vip cpu .... and

    show cef drop
    show cef not-cef-switched

for the linecard involved ...

BTW we also found that in an earlier release of IOS we needed to reboot
the router to get this to work properly.

Regards
Mark
--
Mark Vevers. mark@ifl.net / mark@vevers.net
Principal Internet Engineer, Internet for Learning, Research Machines Plc. (AS5503)
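An added example, not part of the original post: a Python check that applies the two match conditions of route-map block92 clause 10 (ICMP echo per access-list 121, Layer 3 length 92) to raw IPv4 packets, so a capture can be tested offline to see what the policy would send to Null0. The function names and sample packets are constructed for illustration; skipping non-initial fragments is a simplification of this sketch, not a statement about IOS fragment handling.

```python
import struct

ICMP, ICMP_ECHO = 1, 8  # IP protocol number for ICMP, ICMP type for echo request

def matches_block92(pkt: bytes, lo: int = 92, hi: int = 92) -> bool:
    """True if a raw IPv4 packet meets both match conditions of clause 10."""
    if len(pkt) < 20:
        return False
    ver_ihl, _tos, total_len, _id, frag, _ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4            # header length in bytes, options included
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) <= ihl:
        return False
    if proto != ICMP:                     # access-list 121: permit icmp ...
        return False
    if frag & 0x1FFF:                     # non-initial fragment: no ICMP header to read
        return False
    if pkt[ihl] != ICMP_ECHO:             # access-list 121: ... any any echo
        return False
    return lo <= total_len <= hi          # match length 92 92 (Layer 3 length)

def build_ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Constructed test packet: documentation addresses, checksum left at zero."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      0, 0, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + options + payload

def icmp(icmp_type: int, data_len: int) -> bytes:
    """Constructed ICMP message: 8-byte header plus filler data."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, 0, 0) + b"\xaa" * data_len

# Constructed samples (not captured traffic).
SAMPLES = {
    "echo, 64 data bytes (20+8+64=92)": build_ipv4(ICMP, icmp(8, 64)),
    "echo, 56 data bytes (84)": build_ipv4(ICMP, icmp(8, 56)),
    "echo reply, 92 bytes": build_ipv4(ICMP, icmp(0, 64)),
    "UDP, 92 bytes": build_ipv4(17, b"\x00" * 72),
    "echo, 4 option bytes (24+8+60=92)": build_ipv4(ICMP, icmp(8, 60), b"\x01" * 4),
}

def summarize() -> dict:
    """Map each sample name to whether clause 10 would match it."""
    return {name: matches_block92(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in summarize().items():
        print(f"{'Null0  ' if hit else 'forward'}  {name}")
```

Because the length test is on the whole IP packet, an echo request carrying IP options matches with fewer data bytes, and any legitimate echo request that happens to total 92 bytes is dropped as well.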