Nice document....

So if I have to check whether the packet is a fragment or not, then in that case 
next ip would be used regardless of the layer 4 protocol (tcp/udp), because the 
flag field and fragment offset field are part of the IP header...

class-map type stack FRAG
 match field ip protocol eq 0x1 next ip

class-map type access-control match-any FRAG-IP
 match field ip fragment-offset gt 0
 match field ip flag eq 1 mask 6

 

so these two class-maps, apart from the two other respective policy-maps, would be 
required if the condition is to drop fragment packets... we do not need to care 
about any other protocol.... Am I right?

 

If specifically asked to match any port number in the packet, like tcp port 444, 
then it would be next tcp....

 

Am I right?

> Date: Wed, 12 May 2010 12:00:37 +0100
> Subject: Re: [OSL | CCIE_Security] FPM
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> 
> Hi Sumit, the next protocol field is used to identify the next layer.
> If we want to match an IP-in-IP packet we would use next ip.
> 
> There is a good post here (It's from another vendor but it's okay)
> 
> http://blog.ine.com/2009/06/14/understanding-flexible-packet-matching/
> 
> HTH,
> 
> On 5/12/10, Sumit Mahla <[email protected]> wrote:
> >
> > Hello All,
> >
> > I have a small confusion....
> >
> > when we use the below mentioned command in FPM....
> >
> > class-map type stack match-all FRAGMENT
> >  match field ip protocol eq 0x1 next icmp
> >
> > sometimes we use next icmp and sometimes we use next ip. I know next icmp
> > means that we are going to check fragmented packets for the icmp protocol.... if
> > we are checking fragmented packets for tcp then we would use next tcp....
> >
> > but is there a specific reason to use next ip?
> >
> > Regards
> >
> 
> -- 
> Best Regards,
> 
> Tolulope.
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com
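The two match types discussed in this thread, as an added Python illustration that is not part of the original thread or of Cisco's FPM code: it parses constructed IPv4 packets and applies the FRAG-IP checks (fragment-offset gt 0, flags eq 1 mask 6) using only IP header fields, so the result is the same for ICMP, TCP and UDP, and then shows why a match such as tcp port 444 has to walk into the next (TCP) header. The reading of "mask 6" as "ignore the reserved and DF bits of the 3-bit flags field" and all packet contents are assumptions made for this example.

```python
import struct

ICMP, TCP, UDP = 1, 6, 17
IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
MF, DF = 0x1, 0x2            # 3-bit flags field: reserved=0x4, DF=0x2, MF=0x1
FLAGS_MASK = 0x6             # assumption: "mask 6" = ignore reserved and DF bits

def build_packet(protocol, flags=0, frag_offset=0, payload=b""):
    """Constructed sample packet (not captured traffic): minimal IPv4 header + payload."""
    flags_frag = ((flags & 0x7) << 13) | (frag_offset & 0x1FFF)
    header = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(payload), 0x1234, flags_frag,
                         64, protocol, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + payload

def parse_ipv4(packet):
    """Return (header_len, protocol, flags, fragment_offset) from a raw IPv4 packet."""
    ver_ihl, _, _, _, flags_frag, _, protocol, _, _, _ = struct.unpack(IPV4_FMT, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return (ver_ihl & 0xF) * 4, protocol, flags_frag >> 13, flags_frag & 0x1FFF

def is_fragment(packet):
    """Equivalent of class-map FRAG-IP (match-any): fragment-offset gt 0, or the
    flags field equal to 1 once the masked bits (0x6) are ignored, i.e. MF set.
    Only IP header fields are read; the layer-4 protocol plays no part here."""
    _, _, flags, frag_offset = parse_ipv4(packet)
    return frag_offset > 0 or (flags & ~FLAGS_MASK & 0x7) == MF

def matches_tcp_dport(packet, port):
    """Equivalent of a 'next tcp' match on the destination port: the parser must
    step past the IP header (IHL) into the TCP header. A non-initial fragment
    carries no TCP header at all, so a port-based match can never see it."""
    ihl, protocol, _, frag_offset = parse_ipv4(packet)
    if protocol != TCP or frag_offset > 0 or len(packet) < ihl + 4:
        return False
    _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return dport == port
```

Note that the fragment decision is identical for every protocol value, while the port check silently misses non-initial fragments, which is why the two class-maps are matched on different layers.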
