yeah.. I got it.. it's all about the version.. but I can tell you I waste bit of time looking for a mistake.. :-) the version I had this issue: 12.4(15)T8
thank you all ________________________________ De: Kingsley Charles <[email protected]> Para: Carlos Jardim <[email protected]> Enviadas: Quarta-feira, 13 de Outubro de 2010 19:01:25 Assunto: Re: [OSL | CCIE_Security] MATCH-ALL keyword Hi Carlos It should be there in latest images. With regards Kings On Wed, Oct 13, 2010 at 11:26 AM, Carlos Jardim <[email protected]> wrote: Kings, > > >That's what I need: > > >class-map type inspect smtp match-all largemail > match sender address regex emailid > match data-length gt 10000000 > > >I did it yesterday.. worked normally.. >I'm afraid I didn't get your point. > > >Regards; >Carlos > > > > > ________________________________ De: Kingsley Charles <[email protected]> >Para: Carlos Jardim <[email protected]> >Cc: CCIE Security Maillist <[email protected]> >Enviadas: Quarta-feira, 13 de Outubro de 2010 16:20:55 >Assunto: Re: [OSL | CCIE_Security] MATCH-ALL keyword > > >That's because you have only one match criteria for smtp class map.. If you >add >another "match data-length" that will overwrite the existing one. > >router1(config)#class-map type inspect smtp match-any king >router1(config-cmap)#? >Class-map configuration commands: > description Class-Map description > exit Exit from class-map configuration mode > match classification criteria > no Negate or set default values of a command > rename Rename this class-map > >router1(config-cmap)#mat >router1(config-cmap)#match ? > data-length Specify data transfer length per session > > > > > >With regards >Kings > > >On Wed, Oct 13, 2010 at 9:15 AM, Carlos Jardim <[email protected]> wrote: > >All, >> >> >>I am trying the following.. could you guys tell me where my mistake is.. >>first >>time I did this lab (Yusuf1) it was ok.. but now I don't understand why it's >>not >>working.. >> >> >> >> >>parameter-map type regex ABCD >> pattern [email protected] >>! >>access-list 111 permit ip any any >>! >>class-map type inspect match-all CM_CENTRAL_REMOTE >> match access-group 111 >>! >>policy-map type inspect central_remote >> class type inspect CM_CENTRAL_REMOTE >> inspect >> class class-default >>! >>(...) >>! >>class-map type inspect match-any HTTP >> match protocol http >>! >>class-map type inspect match-any OTHER >> match protocol telnet >> match protocol ssh >>! >>class-map type inspect match-all CM_ICMP >> match protocol icmp >>! >>class-map type inspect match-all CM_SMTP >> match protocol smtp >>! >>! >>class-map type inspect http match-any L7CM_HTTP >> match request port-misuse tunneling >>! >>policy-map type inspect http L7PM_HTTP >> class type inspect http L7CM_HTTP >> reset >>! >>! >>! >>class-map type inspect smtp ? >> WORD class-map name >> match-any Logical-OR all matching statements under this classmap >>! >>! >> >> >>****** at this point I don't have "MATCH-ALL" keyword available. I just >>wanted >>to add another match sentence inside this class-map (match sender address >>regex >>ABCD). ******* >> >> >> >> >>policy-map type inspect remote_central >> class type inspect CM_ICMP >> inspect >> police rate 20000 burst 2000 >> class type inspect OTHER >> inspect >> class type inspect CM_SMTP >> inspect >> class type inspect HTTP >> inspect >> service-policy http L7PM_HTTP >>! >>! >>! >> >> >> >> >>****** configuring this class-map with match-any I can't use a second match >>as >>expected ****** >> >> >>R5(config-cmap)#class-map type inspect smtp match-any L7CM_SMTP >>R5(config-cmap)#match ? >> data-length Specify data transfer length per session >> >> >>****** data-length appears as the only one option ******* >> >> >> >> >>Thanks a lot; >>Carlos >> >> >> >>_______________________________________________ >>For more information regarding industry leading CCIE Lab training, please >>visit >>www.ipexpert.com >> >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
