yeah.. I got it.. it's all about the version.. but I can tell you I waste bit 
of 
time looking for a mistake.. :-)
the version I had this issue:  12.4(15)T8

thank you all




________________________________
De: Kingsley Charles <[email protected]>
Para: Carlos Jardim <[email protected]>
Enviadas: Quarta-feira, 13 de Outubro de 2010 19:01:25
Assunto: Re: [OSL | CCIE_Security] MATCH-ALL keyword

Hi Carlos

It should be there in latest images.

With regards
Kings


On Wed, Oct 13, 2010 at 11:26 AM, Carlos Jardim <[email protected]> 
wrote:

Kings,
>
>
>That's what I need:
>
>
>class-map type inspect smtp match-all largemail
> match  sender address regex emailid
> match  data-length gt 10000000
>
>
>I did it yesterday.. worked normally.. 
>I'm afraid I didn't get your point.
>
>
>Regards;
>Carlos
>
>
>
>
>
________________________________
De: Kingsley Charles <[email protected]>
>Para: Carlos Jardim <[email protected]>
>Cc: CCIE Security Maillist <[email protected]>
>Enviadas: Quarta-feira, 13 de Outubro de 2010 16:20:55
>Assunto: Re: [OSL | CCIE_Security] MATCH-ALL keyword
>
>
>That's because you have only one match criteria for smtp class map.. If you 
>add 
>another "match data-length" that will overwrite the existing one.
>
>router1(config)#class-map type inspect smtp match-any king
>router1(config-cmap)#?
>Class-map configuration commands:
>  description  Class-Map description
>  exit         Exit from class-map configuration mode
>  match        classification criteria
>  no           Negate or set default values of a command
>  rename       Rename this class-map
>
>router1(config-cmap)#mat
>router1(config-cmap)#match ?
>  data-length  Specify data transfer length per session
>
>
>
>
>
>With regards
>Kings
>
>
>On Wed, Oct 13, 2010 at 9:15 AM, Carlos Jardim <[email protected]> 
wrote:
>
>All,
>>
>>
>>I am trying the following.. could you guys tell me where my mistake is..  
>>first 
>>time I did this lab (Yusuf1) it was ok.. but now I don't understand why it's 
>>not 
>>working.. 
>>
>>
>>
>>
>>parameter-map type regex ABCD
>> pattern [email protected]
>>!
>>access-list 111 permit ip any any
>>!
>>class-map type inspect match-all CM_CENTRAL_REMOTE
>> match access-group 111
>>!
>>policy-map type inspect central_remote
>> class type inspect CM_CENTRAL_REMOTE
>>  inspect
>> class class-default
>>!
>>(...)
>>!
>>class-map type inspect match-any HTTP
>> match protocol http
>>!
>>class-map type inspect match-any OTHER
>> match protocol telnet
>> match protocol ssh
>>!
>>class-map type inspect match-all CM_ICMP
>> match protocol icmp
>>!
>>class-map type inspect match-all CM_SMTP
>> match protocol smtp
>>!
>>!
>>class-map type inspect http match-any L7CM_HTTP
>> match  request port-misuse tunneling
>>!
>>policy-map type inspect http L7PM_HTTP
>> class type inspect http L7CM_HTTP
>>  reset
>>!
>>! 
>>!
>>class-map type inspect smtp ?
>>  WORD       class-map name
>>  match-any  Logical-OR all matching statements under this classmap
>>!
>>!
>>
>>
>>****** at this point I don't have "MATCH-ALL" keyword available. I just 
>>wanted 
>>to add another match sentence inside this class-map (match sender address 
>>regex 
>>ABCD). *******
>>
>>
>>
>>
>>policy-map type inspect remote_central
>> class type inspect CM_ICMP
>>  inspect
>>  police rate 20000 burst 2000
>> class type inspect OTHER
>>  inspect
>> class type inspect CM_SMTP
>>  inspect
>> class type inspect HTTP
>>  inspect
>>  service-policy http L7PM_HTTP
>>!
>>!
>>!
>>
>>
>>
>>
>>****** configuring this class-map with match-any I can't use a second match 
>>as 
>>expected ******
>>
>>
>>R5(config-cmap)#class-map type inspect smtp match-any L7CM_SMTP
>>R5(config-cmap)#match ?
>>  data-length  Specify data transfer length per session
>>
>>
>>****** data-length appears as the only one option *******
>>
>>
>>
>>
>>Thanks a lot;
>>Carlos
>>
>>
>> 
>>_______________________________________________
>>For more information regarding industry leading CCIE Lab training, please 
>>visit 
>>www.ipexpert.com
>>
>>
>
> 



      
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to