Hi. I think you need ACL like this to permit traffic of OSPF.
ip access-list extend OSPF permit ospf any any On 2010/08/23, at 22:21, [email protected] wrote: > Send CCIE_Security mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://onlinestudylist.com/mailman/listinfo/ccie_security > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of CCIE_Security digest..." > > > Today's Topics: > > 1. Re: ZBFW (Jimmy Larsson) > 2. Re: ZBFW (Yogesh Gawankar) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 23 Aug 2010 15:19:54 +0200 > From: Jimmy Larsson <[email protected]> > To: Yogesh Gawankar <[email protected]> > Cc: OSL Security <[email protected]> > Subject: Re: [OSL | CCIE_Security] ZBFW > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > Yes, I reloaded the router and it started to work. And I have no idea why. > ;) > > I first created the policy-maps with only a class-default with action drop. > That killed everything of course. So I added the class "OSPF" afterwards and > as far as I know class-default will always be the last one, and the newly > created class was inserted above class class-default. At least that how it > looks in the config. But can it be this that causes my problem? > > Also, modifying the acl for a class-map while it is in use shouldnt confuse > the router, right? > > /Jimmy > > > 2010/8/23 Yogesh Gawankar <[email protected]> > >> JImmy >> >> Maybe try reapplying the policy maps. >> >> >> Thanks and regards >> >> Yogesh Gawankar >> >> >> --- On *Mon, 8/23/10, Jimmy Larsson <[email protected]>* wrote: >> >> >> From: Jimmy Larsson <[email protected]> >> Subject: [OSL | CCIE_Security] ZBFW >> To: "OSL Security" <[email protected]> >> Date: Monday, August 23, 2010, 10:56 PM >> >> Guys! >> >> Can anyone see what I am doing wrong here? My router R1 has 4 interfaces >> and ongoing OSPF-neighborships. I add ZBFW that simply places 2 interfaces >> in zone "INSIDE" and 2 in zone "OUTSIDE". Also, I mess around with the >> self-zone. On all policy-maps I have added an "OSPF"-class that right now >> matches any traffic since I cannot get it to work. Even then all traffic is >> dropped on class-default. Why? >> >> Log messages: >> >> *Aug 23 12:56:47.023: %FW-6-LOG_SUMMARY: 7 packets were dropped from >> 192.168.12.2:0 => 224.0.0.5:0 (target:class)-(INSIDE->SELF:class-default) >> *Aug 23 12:56:47.023: %FW-6-LOG_SUMMARY: 7 packets were dropped from >> 192.168.14.4:0 => 224.0.0.5:0 (target:class)-(OUTSIDE->SELF:class-default) >> *Aug 23 12:56:47.023: %FW-6-LOG_SUMMARY: 7 packets were dropped from >> 192.168.169.10:0 => 224.0.0.5:0(target:class)-(SELF->OUTSIDE:class-default) >> *Aug 23 12:56:47.027: %FW-6-LOG_SUMMARY: 6 packets were dropped from >> 192.168.12.2:0 => 192.168.12.1:0(target:class)-(INSIDE->SELF:class-default) >> *Aug 23 12:56:47.027: %FW-6-LOG_SUMMARY: 6 packets were dropped from >> 192.168.13.3:0 => 192.168.13.1:0(target:class)-(INSIDE->SELF:class-default) >> *Aug 23 12:56:47.027: %FW-6-LOG_SUMMARY: 6 packets were dropped from >> 192.168.13.3:0 => 224.0.0.5:0 (target:class)-(INSIDE->SELF:class-default) >> *Aug 23 12:56:47.027: %FW-6-LOG_SUMMARY: 6 packets were dropped from >> 192.168.14.1:0 => 224.0.0.5:0 (target:class)-(SELF->OUTSIDE:class-default) >> *Aug 23 12:56:47.027: %FW-6-LOG_SUMMARY: 6 packets were dropped from >> 192.168.169.1:0 => 224.0.0.5:0(target:class)-(OUTSIDE->SELF:class-default) >> >> >> One of the policy-maps: >> >> R1#sh policy-map type insp zone-pair INSIDE->SELF >> >> policy exists on zp INSIDE->SELF >> Zone-pair: INSIDE->SELF >> >> Service-policy inspect : INSIDE->SELF >> >> Class-map: OSPF (match-all) >> Match: access-group name OSPF >> Pass >> 0 packets, 0 bytes >> >> Class-map: class-default (match-any) >> Match: any >> Drop >> 368 packets, 21968 bytes >> R1# >> >> My OSPF access-list: >> >> R1#sh access-l OSPF >> Extended IP access list OSPF >> 20 permit ip any any (107 matches) >> R1# >> >> And the full config: >> >> Building configuration... >> >> Current configuration : 5451 bytes >> ! >> version 12.4 >> service timestamps debug datetime msec >> service timestamps log datetime msec >> no service password-encryption >> ! >> hostname R1 >> ! >> boot-start-marker >> boot-end-marker >> ! >> logging count >> logging message-counter syslog >> logging buffered 4096 >> no logging rate-limit >> ! >> no aaa new-model >> ! >> crypto pki trustpoint TP-self-signed-2178368166 >> enrollment selfsigned >> subject-name cn=IOS-Self-Signed-Certificate-2178368166 >> revocation-check none >> rsakeypair TP-self-signed-2178368166 >> ! >> ! >> crypto pki certificate chain TP-self-signed-2178368166 >> certificate self-signed 01 >> 3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 >> 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 >> 69666963 6174652D 32313738 33363831 3636301E 170D3130 30383233 31323238 >> 30355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 >> 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31373833 >> 36383136 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 >> 8100CFFF 23FB8BBB 4357436C D507EA26 8E823113 1DA9C415 A07CD699 83C72152 >> 4E07AB9C CE06EB9C 017DF40C D47AF894 97F9EAF3 DE0D3331 C5A432B8 95524CB7 >> C6517E90 E4D704B3 0DD3535E EEAC60B3 2680C4CF 187A066B 0982B01E 3C6EC186 >> D6221EB7 21A94B63 FAC4324F A06EF53F 4C8EFA73 13366BA7 22A2A952 4C6FFE12 >> 20810203 010001A3 62306030 0F060355 1D130101 FF040530 030101FF 300D0603 >> 551D1104 06300482 02523130 1F060355 1D230418 30168014 D87EBD8F FDDDC2D2 >> A814D2A6 66A948EE DBDCA738 301D0603 551D0E04 160414D8 7EBD8FFD DDC2D2A8 >> 14D2A666 A948EEDB DCA73830 0D06092A 864886F7 0D010104 05000381 81007D8B >> 601E0E43 E0729D45 F44E0B7D 98283595 126EE6A8 C2A7EAF4 962510DA C90120F2 >> 82EE7A3F DB267CBA FEBAB878 D87B66B3 B91F37E7 CBAF041B 5E79FF6C 216D2759 >> A279A03C 471F2130 5B23C00C BFF62BA6 D8C7D034 BE0C34F6 F773F1BA C8E0389E >> 18C4D8D7 0D35C714 90CE8BD9 2B527335 5BC66E78 99F46DE0 F84FBA2B 06FA >> quit >> dot11 syslog >> ip source-route >> ! >> ! >> ! >> ! >> ip cef >> no ip domain lookup >> ip inspect log drop-pkt >> no ipv6 cef >> ! >> multilink bundle-name authenticated >> ! >> ! >> ! >> vtp domain KVISTOFTA >> vtp mode transparent >> ! >> ! >> ! >> archive >> log config >> hidekeys >> ! >> ! >> vlan 4,12,14 >> ! >> ! >> class-map type inspect match-all OSPF >> match access-group name OSPF >> ! >> ! >> policy-map type inspect INSIDE->SELF >> class type inspect OSPF >> pass >> class class-default >> drop log >> policy-map type inspect SELF->INSIDE >> class type inspect OSPF >> pass >> class class-default >> drop log >> policy-map type inspect OUTSIDE->INSIDE >> class type inspect OSPF >> pass >> class class-default >> drop log >> policy-map type inspect INSIDE->OUTSIDE >> class type inspect OSPF >> pass >> class class-default >> drop log >> policy-map type inspect OUTSIDE->SELF >> class type inspect OSPF >> pass >> class class-default >> drop log >> policy-map type inspect SELF->OUTSIDE >> class type inspect OSPF >> pass >> class class-default >> drop log >> ! >> zone security INSIDE >> zone security OUTSIDE >> zone-pair security OUTSIDE->INSIDE source OUTSIDE destination INSIDE >> service-policy type inspect OUTSIDE->INSIDE >> zone-pair security INSIDE->OUTSIDE source INSIDE destination OUTSIDE >> service-policy type inspect INSIDE->OUTSIDE >> zone-pair security OUTSIDE->SELF source OUTSIDE destination self >> service-policy type inspect OUTSIDE->SELF >> zone-pair security SELF->OUTSIDE source self destination OUTSIDE >> service-policy type inspect SELF->OUTSIDE >> zone-pair security INSIDE->SELF source INSIDE destination self >> service-policy type inspect INSIDE->SELF >> zone-pair security SELF->INSIDE source self destination INSIDE >> service-policy type inspect SELF->INSIDE >> ! >> ! >> ! >> interface Loopback0 >> ip address 1.1.1.1 255.255.255.255 >> ! >> interface Loopback10 >> ip address 10.0.0.1 255.255.255.255 >> ! >> interface FastEthernet0 >> no ip address >> duplex auto >> speed auto >> ! >> interface FastEthernet0.12 >> encapsulation dot1Q 12 >> ip address 192.168.12.1 255.255.255.0 >> zone-member security INSIDE >> ! >> interface FastEthernet0.13 >> encapsulation dot1Q 13 >> ip address 192.168.13.1 255.255.255.0 >> zone-member security INSIDE >> ! >> interface FastEthernet0.14 >> encapsulation dot1Q 14 >> ip address 192.168.14.1 255.255.255.0 >> zone-member security OUTSIDE >> ! >> interface FastEthernet0.169 >> encapsulation dot1Q 169 >> ip address 192.168.169.10 255.255.255.0 >> zone-member security OUTSIDE >> ! >> interface FastEthernet1 >> no ip address >> no ip unreachables >> shutdown >> duplex auto >> speed auto >> ! >> interface FastEthernet2 >> switchport mode trunk >> ! >> interface FastEthernet3 >> ! >> interface FastEthernet4 >> ! >> interface FastEthernet5 >> ! >> interface FastEthernet6 >> ! >> interface FastEthernet7 >> ! >> interface FastEthernet8 >> ! >> interface FastEthernet9 >> ! >> interface Vlan1 >> no ip address >> ! >> interface Async1 >> no ip address >> encapsulation slip >> ! >> router ospf 1 >> log-adjacency-changes >> network 192.168.0.0 0.0.255.255 area 0 >> ! >> ip forward-protocol nd >> ip route 0.0.0.0 0.0.0.0 192.168.1.1 >> no ip http server >> ip http secure-server >> ! >> ! >> ! >> ip access-list extended OSPF >> permit ip any any >> ! >> ip access-list logging interval 1 >> logging dmvpn >> ! >> ! >> ! >> ! >> ! >> ! >> control-plane >> ! >> alias exec srs show run | sect >> alias exec siib show ip int brie | excl unass >> ! >> line con 0 >> logging synchronous >> line 1 >> modem InOut >> stopbits 1 >> speed 115200 >> flowcontrol hardware >> line aux 0 >> line vty 0 4 >> login >> ! >> ! >> ! >> end >> >> What is going on? Why is all traffic hitting class-default even when I have >> a class that matches all traffic above class-default? >> >> /Jimmy >> >> -- >> ------- >> Jimmy Larsson >> Ryavagen 173 >> s-26030 Vallakra >> Sweden >> http://blogg.kvistofta.nu >> ------- >> >> -----Inline Attachment Follows----- >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> >> > > > -- > ------- > Jimmy Larsson > Ryavagen 173 > s-26030 Vallakra > Sweden > http://blogg.kvistofta.nu > ------- > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > </archives/ccie_security/attachments/20100823/e38a6743/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Mon, 23 Aug 2010 06:21:39 -0700 (PDT) > From: Yogesh Gawankar <[email protected]> > To: Jimmy Larsson <[email protected]> > Cc: OSL Security <[email protected]> > Subject: Re: [OSL | CCIE_Security] ZBFW > Message-ID: <[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > HI Jimmy > ? > With ZFW you need to reapply the policy maps if you change anything. > > Thanks and regards > > Yogesh Gawankar > > > --- On Mon, 8/23/10, Jimmy Larsson <[email protected]> wrote: > > > From: Jimmy Larsson <[email protected]> > Subject: Re: [OSL | CCIE_Security] ZBFW > To: "Yogesh Gawankar" <[email protected]> > Cc: "OSL Security" <[email protected]> > Date: Monday, August 23, 2010, 11:19 PM > > > Yes, I reloaded the router and it started to work. And I have no idea why. ;) > > > I first created the policy-maps with only a class-default with action drop. > That killed everything of course. So I added the class "OSPF" afterwards and > as far as I know class-default will always be the last one, and the newly > created class was inserted above class class-default. At least that how it > looks in the config. But can it be this that causes my problem? > > > Also, modifying the acl for a class-map while it is in use shouldnt confuse > the router, right? > > > /Jimmy > > > > 2010/8/23 Yogesh Gawankar <[email protected]> > > > > > > > JImmy > ? > Maybe try reapplying the policy maps. > > > Thanks and regards > > Yogesh Gawankar > > > --- On Mon, 8/23/10, Jimmy Larsson <[email protected]> wrote: > > > > From: Jimmy Larsson <[email protected]> > Subject: [OSL | CCIE_Security] ZBFW > To: "OSL Security" <[email protected]> > Date: Monday, August 23, 2010, 10:56 PM > > > > > > Guys!? > > > Can anyone see what I am doing wrong here? My router R1 has 4 interfaces and > ongoing OSPF-neighborships. I add ZBFW that simply places 2 interfaces in > zone "INSIDE" and 2 in zone "OUTSIDE". Also, I mess around with the > self-zone. On all policy-maps I have added an "OSPF"-class that right now > matches any traffic since I cannot get it to work. Even then all traffic is > dropped on class-default. Why? > > > Log messages: > > > *Aug 23 12:56:47.023: %FW-6-LOG_SUMMARY: 7 packets were dropped from > 192.168.12.2:0 => 224.0.0.5:0 (target:class)-(INSIDE->SELF:class-default) > *Aug 23 12:56:47.023: %FW-6-LOG_SUMMARY: 7 packets were dropped from > 192.168.14.4:0 => 224.0.0.5:0 (target:class)-(OUTSIDE->SELF:class-default) > *Aug 23 12:56:47.023: %FW-6-LOG_SUMMARY: 7 packets were dropped from > 192.168.169.10:0 => 224.0.0.5:0 (target:class)-(SELF->OUTSIDE:class-default) > *Aug 23 12:56:47.027: %FW-6-LOG_SUMMARY: 6 packets were dropped from > 192.168.12.2:0 => 192.168.12.1:0 (target:class)-(INSIDE->SELF:class-default) > *Aug 23 12:56:47.027: %FW-6-LOG_SUMMARY: 6 packets were dropped from > 192.168.13.3:0 => 192.168.13.1:0 (target:class)-(INSIDE->SELF:class-default) > *Aug 23 12:56:47.027: %FW-6-LOG_SUMMARY: 6 packets were dropped from > 192.168.13.3:0 => 224.0.0.5:0 (target:class)-(INSIDE->SELF:class-default) > *Aug 23 12:56:47.027: %FW-6-LOG_SUMMARY: 6 packets were dropped from > 192.168.14.1:0 => 224.0.0.5:0 (target:class)-(SELF->OUTSIDE:class-default) > *Aug 23 12:56:47.027: %FW-6-LOG_SUMMARY: 6 packets were dropped from > 192.168.169.1:0 => 224.0.0.5:0 (target:class)-(OUTSIDE->SELF:class-default) > > > > > One of the policy-maps: > > > > R1#sh policy-map type insp zone-pair INSIDE->SELF > > > policy exists on zp INSIDE->SELF > ?Zone-pair: INSIDE->SELF > > > ??Service-policy inspect : INSIDE->SELF > > > ?? ?Class-map: OSPF (match-all) > ?? ? ?Match: access-group name OSPF > ?? ? ?Pass > ?? ? ? ?0 packets, 0 bytes > > > ?? ?Class-map: class-default (match-any) > ?? ? ?Match: any? > ?? ? ?Drop > ?? ? ? ?368 packets, 21968 bytes > R1# > > > My OSPF access-list: > > > > R1#sh access-l OSPF ? ? ? > Extended IP access list OSPF > ?? ?20 permit ip any any (107 matches) > R1# > > > And the full config: > > > > > Building configuration... > > > Current configuration : 5451 bytes > ! > version 12.4 > service timestamps debug datetime msec > service timestamps log datetime msec > no service password-encryption > ! > hostname R1 > ! > boot-start-marker > boot-end-marker > ! > logging count > logging message-counter syslog > logging buffered 4096 > no logging rate-limit > ! > no aaa new-model > ! > crypto pki trustpoint TP-self-signed-2178368166 > ?enrollment selfsigned > ?subject-name cn=IOS-Self-Signed-Certificate-2178368166 > ?revocation-check none > ?rsakeypair TP-self-signed-2178368166 > ! > ! > crypto pki certificate chain TP-self-signed-2178368166 > ?certificate self-signed 01 > ??3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030? > ??31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274? > ??69666963 6174652D 32313738 33363831 3636301E 170D3130 30383233 31323238? > ??30355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649? > ??4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31373833? > ??36383136 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281? > ??8100CFFF 23FB8BBB 4357436C D507EA26 8E823113 1DA9C415 A07CD699 83C72152? > ??4E07AB9C CE06EB9C 017DF40C D47AF894 97F9EAF3 DE0D3331 C5A432B8 95524CB7? > ??C6517E90 E4D704B3 0DD3535E EEAC60B3 2680C4CF 187A066B 0982B01E 3C6EC186? > ??D6221EB7 21A94B63 FAC4324F A06EF53F 4C8EFA73 13366BA7 22A2A952 4C6FFE12? > ??20810203 010001A3 62306030 0F060355 1D130101 FF040530 030101FF 300D0603? > ??551D1104 06300482 02523130 1F060355 1D230418 30168014 D87EBD8F FDDDC2D2? > ??A814D2A6 66A948EE DBDCA738 301D0603 551D0E04 160414D8 7EBD8FFD DDC2D2A8? > ??14D2A666 A948EEDB DCA73830 0D06092A 864886F7 0D010104 05000381 81007D8B? > ??601E0E43 E0729D45 F44E0B7D 98283595 126EE6A8 C2A7EAF4 962510DA C90120F2? > ??82EE7A3F DB267CBA FEBAB878 D87B66B3 B91F37E7 CBAF041B 5E79FF6C 216D2759? > ??A279A03C 471F2130 5B23C00C BFF62BA6 D8C7D034 BE0C34F6 F773F1BA C8E0389E? > ??18C4D8D7 0D35C714 90CE8BD9 2B527335 5BC66E78 99F46DE0 F84FBA2B 06FA > ?? ? ? ?quit > dot11 syslog > ip source-route > ! > ! > ! > ! > ip cef > no ip domain lookup > ip inspect log drop-pkt > no ipv6 cef > ! > multilink bundle-name authenticated > ! > ! > ! > vtp domain KVISTOFTA > vtp mode transparent > !? > ! > ! > archive > ?log config > ??hidekeys > ! > ! > vlan 4,12,14? > ! > ! > class-map type inspect match-all OSPF > ?match access-group name OSPF > ! > ! > policy-map type inspect INSIDE->SELF > ?class type inspect OSPF > ??pass > ?class class-default > ??drop log > policy-map type inspect SELF->INSIDE > ?class type inspect OSPF > ??pass > ?class class-default > ??drop log > policy-map type inspect OUTSIDE->INSIDE > ?class type inspect OSPF > ??pass > ?class class-default > ??drop log > policy-map type inspect INSIDE->OUTSIDE > ?class type inspect OSPF > ??pass > ?class class-default > ??drop log > policy-map type inspect OUTSIDE->SELF > ?class type inspect OSPF > ??pass > ?class class-default > ??drop log > policy-map type inspect SELF->OUTSIDE > ?class type inspect OSPF > ??pass > ?class class-default > ??drop log > ! > zone security INSIDE > zone security OUTSIDE > zone-pair security OUTSIDE->INSIDE source OUTSIDE destination INSIDE > ?service-policy type inspect OUTSIDE->INSIDE > zone-pair security INSIDE->OUTSIDE source INSIDE destination OUTSIDE > ?service-policy type inspect INSIDE->OUTSIDE > zone-pair security OUTSIDE->SELF source OUTSIDE destination self > ?service-policy type inspect OUTSIDE->SELF > zone-pair security SELF->OUTSIDE source self destination OUTSIDE > ?service-policy type inspect SELF->OUTSIDE > zone-pair security INSIDE->SELF source INSIDE destination self > ?service-policy type inspect INSIDE->SELF > zone-pair security SELF->INSIDE source self destination INSIDE > ?service-policy type inspect SELF->INSIDE > ! > ! > ! > interface Loopback0 > ?ip address 1.1.1.1 255.255.255.255 > ! > interface Loopback10 > ?ip address 10.0.0.1 255.255.255.255 > ! > interface FastEthernet0 > ?no ip address > ?duplex auto > ?speed auto > ! > interface FastEthernet0.12 > ?encapsulation dot1Q 12 > ?ip address 192.168.12.1 255.255.255.0 > ?zone-member security INSIDE > ! > interface FastEthernet0.13 > ?encapsulation dot1Q 13 > ?ip address 192.168.13.1 255.255.255.0 > ?zone-member security INSIDE > ! > interface FastEthernet0.14 > ?encapsulation dot1Q 14 > ?ip address 192.168.14.1 255.255.255.0 > ?zone-member security OUTSIDE > ! > interface FastEthernet0.169 > ?encapsulation dot1Q 169 > ?ip address 192.168.169.10 255.255.255.0 > ?zone-member security OUTSIDE > ! > interface FastEthernet1 > ?no ip address > ?no ip unreachables > ?shutdown > ?duplex auto > ?speed auto > ! > interface FastEthernet2 > ?switchport mode trunk > ! > interface FastEthernet3 > ! > interface FastEthernet4 > ! > interface FastEthernet5 > ! > interface FastEthernet6 > ! > interface FastEthernet7 > ! > interface FastEthernet8 > ! > interface FastEthernet9 > ! > interface Vlan1 > ?no ip address > ! > interface Async1 > ?no ip address > ?encapsulation slip > ! > router ospf 1 > ?log-adjacency-changes > ?network 192.168.0.0 0.0.255.255 area 0 > ! > ip forward-protocol nd > ip route 0.0.0.0 0.0.0.0 192.168.1.1 > no ip http server > ip http secure-server > ! > ! > ! > ip access-list extended OSPF > ?permit ip any any > ! > ip access-list logging interval 1 > logging dmvpn > ! > ! > ! > ! > ! > ! > control-plane > ! > alias exec srs show run | sect > alias exec siib show ip int brie | excl unass > ! > line con 0 > ?logging synchronous > line 1 > ?modem InOut > ?stopbits 1 > ?speed 115200 > ?flowcontrol hardware > line aux 0 > line vty 0 4 > ?login > ! > ! > ! > end > > > What is going on? Why is all traffic hitting class-default even when I have a > class that matches all traffic above class-default? > > > /Jimmy > > -- > ------- > Jimmy Larsson > Ryavagen 173 > s-26030 Vallakra > Sweden > http://blogg.kvistofta.nu > ------- > > > -----Inline Attachment Follows----- > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > > -- > ------- > Jimmy Larsson > Ryavagen 173 > s-26030 Vallakra > Sweden > http://blogg.kvistofta.nu > ------- > > > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: </archives/ccie_security/attachments/20100823/f75ddecf/attachment.html> > > End of CCIE_Security Digest, Vol 50, Issue 40 > ********************************************* _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
