Hi Tyson In the wireshark, I see 00:13:80:84:ac:40 format in the headers section and in 00 13 80 84 ac 40 raw hex format at the bottom. Tried all the three as following but doesn't work.
class-map type access-control match-any fpmac match field ETHER dest-mac string "00 13 80 84 ac 40" match field ETHER dest-mac string "00:13:80:84:ac:40" match field ETHER dest-mac string "00138084ac40" class-map type stack match-all fpm stack-start l2-start match field ETHER type eq 0x800 next ETHER policy-map type access-control fpmac class fpmac drop policy-map type access-control fpm class fpm service-policy fpmac control-plane service-policy type access-control input fpm With regards Kings On Wed, Nov 17, 2010 at 1:15 PM, Tyson Scott <[email protected]> wrote: > In Wireshark it displays no characters. > > > > Try something like this > > > > class-map type stack match-all ETHER > > stack-start l2-start > > match field ETHER type eq 0x800 next ETHER > > class-map type access-control match-all DEST-MAC > > match field ETHER dest-mac string "0024d64963da" > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Managing Partner / Sr. Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* Kingsley Charles [mailto:[email protected]] > *Sent:* Wednesday, November 17, 2010 2:19 AM > *To:* Tyson Scott > *Cc:* [email protected] > *Subject:* Re: [OSL | CCIE_Security] mac address in fpm > > > > Tried the following too. The IOS accepts it but doesn't show in the running > config > > match field eTHER dest-mac string "00.13.80.84.ac.40" > match field eTHER dest-mac string "00 13 80 84 ac 40" > match field eTHER dest-mac regex .*00.13.80.84.ac.40.* > > > With regards > Kings > > On Wed, Nov 17, 2010 at 12:34 PM, Kingsley Charles < > [email protected]> wrote: > > Tyson, the wireshark uses 00.13.80.84.ac.40 format but that doesn't work > too. > > > > router(config-cmap)#match field eTHER dest-mac eq ? > <0-65535> Value to be Matched > > I tried entering mac addressing but it gives the following error > > router(config-cmap)#match field eTHER dest-mac eq 0x00138084ac40 > ^ > For Ethertype, the IOS accepts the hex as well as decimal value > > router(config-cmap)#match field ethER type eq 0x0806 next eTHER > router(config-cmap)#match field ethER type eq 2054 next ethER > > For IP address, the IOS accepts both dotted address format and it's decimal > value > > router1(config-cmap)#match field ip dest-addr eq ? > <0-4294967295> Value to be Matched > A.B.C.D IP Address > > > router(config-cmap)#match field ip dest-addr eq 10.20.30.40 next IP > router(config-cmap)#match field ip dest-addr eq 169090600 next IP > > With mac address, seems there is some issue > > > router1(config-cmap)#match field eTHER dest-mac eq ? > > > <0-65535> Value to be Matched > > Trying for mac 0013.8084.ac40 > > router1(config-cmap)#match field eTHER dest-mac eq 0x00.13.80.84.ac.40 ? > % Unrecognized command > > router1(config-cmap)#match field eTHER dest-mac eq 0x0013.8084.ac40 ? > % Unrecognized command > > router1(config-cmap)#match field eTHER dest-mac eq 0x00138084ac40 ? > % Unrecognized command > > router1(config-cmap)#match field eTHER dest-mac eq 00.13.80.84.ac.40 ? > % Unrecognized command > > router1(config-cmap)#match field eTHER dest-mac eq 0013.8084.ac40 ? > % Unrecognized command > > router1(config-cmap)#match field eTHER dest-mac eq 00138084ac40 ? > % Unrecognized command > > Hence the only option is to use decimal but the max allowed limit is 65535 > but the decimal value for 0013.8084.ac40 is 83760557120 which is more > 655535. > > > router1(config-cmap)#match field eTHER dest-mac eq 83760557120 ? > % Unrecognized command > > > > With regards > Kings > > > > On Wed, Nov 17, 2010 at 2:52 AM, Tyson Scott <[email protected]> wrote: > > Look at the output of a wireshark capture. enter as it shows in there. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Managing Partner / Sr. Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kingsley Charles > *Sent:* Tuesday, November 16, 2010 2:42 AM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] mac address in fpm > > > > Hi all > > I am trying to match a mac address. The IOS doesn't accept dotted mac > address as such. > > router(config)#class-map type stack match-all fpm > router(config-cmap)#match field eTHER dest-mac eq ? > <0-65535> Value to be Matched > > Should I convert the mac to decimal? > > Even that doesn't work. > > Any thoughts? > > > > With regards > Kings > > > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
