It is the size of where it can be found but I believe you need to have it be *FFFF* as the string inside that 1500 bytes is much more than just those characters. Test though to be sure. I haven't tested.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com> www.ipexpert.com From: Kingsley Charles [mailto:[email protected]] Sent: Friday, February 05, 2010 1:22 PM To: Tyson Scott Cc: [email protected] Subject: Re: [OSL | CCIE_Security] FPM with ICMP Hi Tyson Is the size parameter the actual size of the string or the measure from the offset within which the string can be found? With regards Kings On Fri, Feb 5, 2010 at 8:44 PM, Tyson Scott <[email protected]> wrote: Is it matching the first class map. We know for sure that should work. If that is not working possibly FPM is not working on the platform. I am guessing your string will be *FFFF* as the size is 1500 and FFFF is not 1500 bytes. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles Sent: Friday, February 05, 2010 10:10 AM To: [email protected] Subject: [OSL | CCIE_Security] FPM with ICMP Hi all I am trying to block "ping 10.20.30.40 data FFFF" from a router. class-map type access-control match-any ac match start ICMP payload-start offset 0 size 1500 string "FFFF" class-map type stack match-all sc match field IP protocol eq 1 next ICMP policy-map type access-control ac class ac drop policy-map type access-control st class sc service-policy ac It's simple but I am missing something. I am still able to ping. With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
