Kingsley, PHDF files use the same logic as standard header-based matching. They were created to streamline the configuration. In the lab exam, if they don't specify the method in the question, feel free to choose the one you are the most comfortable with.
Regards, -- Piotr Kaluzny CCIE #25665 (Security), CCSP, CCNP Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.com On Sat, Feb 6, 2010 at 7:12 AM, Kingsley Charles <kingsley.char...@gmail.com > wrote: > Hi Tyson > > Will both the first one and second give the same result. I have used IP > instead of L3. Just wanted to confirm. > > In the lab should we use L3 or IP? > > > With regards > Kings > > On Sat, Feb 6, 2010 at 12:48 AM, Tyson Scott <tsc...@ipexpert.com> wrote: > >> The difference between the first two is the first one is not using any >> PHDF definition files. The second one is. >> >> >> >> I do not believe the last two to be the same. >> >> >> >> Regards, >> >> >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> >> Technical Instructor - IPexpert, Inc. >> >> Mailto: tsc...@ipexpert.com >> >> Telephone: +1.810.326.1444, ext. 208 >> >> Live Assistance, Please visit: www.ipexpert.com/chat >> >> eFax: +1.810.454.0130 >> >> >> >> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA >> (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & >> Service Provider) Certification Training with locations throughout the >> United States, Europe and Australia. Be sure to check out our online >> communities at www.ipexpert.com/communities and our public website at >> www.ipexpert.com >> >> >> >> *From:* ccie_security-boun...@onlinestudylist.com [mailto: >> ccie_security-boun...@onlinestudylist.com] *On Behalf Of *Kingsley >> Charles >> *Sent:* Friday, February 05, 2010 1:52 PM >> *To:* ccie_security@onlinestudylist.com >> *Subject:* Re: [OSL | CCIE_Security] FPM access-control with offset >> matching >> >> >> >> Can someone respond to this query. >> >> >> >> As this can't be tested, I want be sure, if the 2nd and 3rd option are >> correct or wrong. >> >> >> >> With regards >> >> Kings >> >> On Fri, Feb 5, 2010 at 8:10 PM, Kingsley Charles < >> kingsley.char...@gmail.com> wrote: >> >> Hi all >> >> >> >> The following is access-control class-map for blaster attacks. First one >> is used almost everywhere. I have provided two more alternatives, please let >> me know it will work. >> >> >> >> Highlighted are the differences. >> >> >> >> Router(config)# class-map type access-control match-all blaster2 >> Router(config-cmap)# match field tcp dest-port eq 4444 >> Router(config-cmap)# match start l3-start offset 3 size 2 eq 0x0030 >> >> >> >> Using IP instead of l3-start >> >> >> >> Router(config)# class-map type access-control match-all blaster2 >> Router(config-cmap)# match field tcp dest-port eq 4444 >> Router(config-cmap)# match start ip offset 3 size 2 eq 0x0030 >> >> Using string instead of eq >> >> >> >> Router(config)# class-map type access-control match-all blaster2 >> Router(config-cmap)# match field tcp dest-port eq 4444 >> Router(config-cmap)# match start l3-start offset 3 size 2 string 0x0030 >> >> >> >> >> >> with regards >> >> Kings >> >> >> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
