Hi Tyson Is the size parameter the actual size of the string or the measure from the offset within which the string can be found?
With regards Kings On Fri, Feb 5, 2010 at 8:44 PM, Tyson Scott <[email protected]> wrote: > Is it matching the first class map. We know for sure that should work. > If that is not working possibly FPM is not working on the platform. > > > > I am guessing your string will be **FFFF** as the size is 1500 and FFFF is > not 1500 bytes. > > > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service > Provider) Certification Training with locations throughout the United > States, Europe and Australia. Be sure to check out our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kingsley Charles > *Sent:* Friday, February 05, 2010 10:10 AM > > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] FPM with ICMP > > > > Hi all > > > > I am trying to block "ping 10.20.30.40 data FFFF" from a router. > > > > class-map type access-control match-any ac > match start ICMP payload-start offset 0 size 1500 string "FFFF" > class-map type stack match-all sc > match field IP protocol eq 1 next ICMP > > > > policy-map type access-control ac > class ac > drop > > policy-map type access-control st > class sc > > service-policy ac > > > > It's simple but I am missing something. I am still able to ping. > > > > > > > With regards > > Kings >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
