Have you tried it on the interface?

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: Kingsley Charles [mailto:[email protected]]
Sent: Wednesday, November 17, 2010 5:11 AM
To: Tyson Scott
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] mac address in fpm

Hi Tyson

In the wireshark, I see 00:13:80:84:ac:40 format in the headers section and 00 13 80 84 ac 40 in raw hex format at the bottom.

Tried all the three as following but doesn't work.

    class-map type access-control match-any fpmac
     match field ETHER dest-mac string "00 13 80 84 ac 40"
     match field ETHER dest-mac string "00:13:80:84:ac:40"
     match field ETHER dest-mac string "00138084ac40"
    class-map type stack match-all fpm
     stack-start l2-start
     match field ETHER type eq 0x800 next ETHER
    policy-map type access-control fpmac
     class fpmac
      drop
    policy-map type access-control fpm
     class fpm
      service-policy fpmac
    control-plane
     service-policy type access-control input fpm

With regards
Kings

On Wed, Nov 17, 2010 at 1:15 PM, Tyson Scott <[email protected]> wrote:

In Wireshark it displays no characters. Try something like this

    class-map type stack match-all ETHER
     stack-start l2-start
     match field ETHER type eq 0x800 next ETHER
    class-map type access-control match-all DEST-MAC
     match field ETHER dest-mac string "0024d64963da"

Regards,
Tyson Scott

From: Kingsley Charles [mailto:[email protected]]
Sent: Wednesday, November 17, 2010 2:19 AM
To: Tyson Scott
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] mac address in fpm

Tried the following too. The IOS accepts it but doesn't show in the running config

    match field eTHER dest-mac string "00.13.80.84.ac.40"
    match field eTHER dest-mac string "00 13 80 84 ac 40"
    match field eTHER dest-mac regex .*00.13.80.84.ac.40.*

With regards
Kings

On Wed, Nov 17, 2010 at 12:34 PM, Kingsley Charles <[email protected]> wrote:

Tyson, the wireshark uses 00.13.80.84.ac.40 format but that doesn't work too.

    router(config-cmap)#match field eTHER dest-mac eq ?
      <0-65535>  Value to be Matched

I tried entering mac addressing but it gives the following error

    router(config-cmap)#match field eTHER dest-mac eq 0x00138084ac40
      ^

For Ethertype, the IOS accepts the hex as well as decimal value

    router(config-cmap)#match field ethER type eq 0x0806 next eTHER
    router(config-cmap)#match field ethER type eq 2054 next ethER

For IP address, the IOS accepts both dotted address format and its decimal value

    router1(config-cmap)#match field ip dest-addr eq ?
      <0-4294967295>  Value to be Matched
      A.B.C.D         IP Address

    router(config-cmap)#match field ip dest-addr eq 10.20.30.40 next IP
    router(config-cmap)#match field ip dest-addr eq 169090600 next IP

With mac address, seems there is some issue

    router1(config-cmap)#match field eTHER dest-mac eq ?
      <0-65535>  Value to be Matched

Trying for mac 0013.8084.ac40

    router1(config-cmap)#match field eTHER dest-mac eq 0x00.13.80.84.ac.40 ?
    % Unrecognized command
    router1(config-cmap)#match field eTHER dest-mac eq 0x0013.8084.ac40 ?
    % Unrecognized command
    router1(config-cmap)#match field eTHER dest-mac eq 0x00138084ac40 ?
    % Unrecognized command
    router1(config-cmap)#match field eTHER dest-mac eq 00.13.80.84.ac.40 ?
    % Unrecognized command
    router1(config-cmap)#match field eTHER dest-mac eq 0013.8084.ac40 ?
    % Unrecognized command
    router1(config-cmap)#match field eTHER dest-mac eq 00138084ac40 ?
    % Unrecognized command

Hence the only option is to use decimal but the max allowed limit is 65535 but the decimal value for 0013.8084.ac40 is 83760557120 which is more than 655535.

    router1(config-cmap)#match field eTHER dest-mac eq 83760557120 ?
    % Unrecognized command

With regards
Kings

On Wed, Nov 17, 2010 at 2:52 AM, Tyson Scott <[email protected]> wrote:

Look at the output of a wireshark capture. Enter as it shows in there.

Regards,
Tyson Scott

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Tuesday, November 16, 2010 2:42 AM
To: [email protected]
Subject: [OSL | CCIE_Security] mac address in fpm

Hi all

I am trying to match a mac address. The IOS doesn't accept dotted mac address as such.

    router(config)#class-map type stack match-all fpm
    router(config-cmap)#match field eTHER dest-mac eq ?
      <0-65535>  Value to be Matched

Should I convert the mac to decimal? Even that doesn't work.

Any thoughts?

With regards
Kings
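Added example, not part of the thread and not written by its participants: a Python check of the conversions discussed above. It normalizes the MAC notations that were tried, reproduces the decimal values quoted, and compares each against the operand range printed by the CLI help. The function names and the sample frame are constructed for illustration.

```python
import ipaddress
import re

# Ranges copied from the CLI help output quoted in the thread.
ETHER_FIELD_MAX = 65535       # "<0-65535>" shown for ETHER type and dest-mac
IP_ADDR_MAX = 4294967295      # "<0-4294967295>" shown for ip dest-addr


def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, accepting the notations
    tried in the thread (colon, space or dot separated, or bare)."""
    digits = re.sub(r"[\s:.\-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return digits


def mac_to_int(text):
    """48-bit integer value of a MAC address in any accepted notation."""
    return int(normalize_mac(text), 16)


def ipv4_to_int(text):
    """32-bit integer value of a dotted-quad IPv4 address."""
    return int(ipaddress.IPv4Address(text))


def fits(value, maximum):
    """True when value lies inside the 0..maximum range the CLI prints."""
    return 0 <= value <= maximum


def dest_mac_of(frame):
    """Destination MAC is the first six bytes of an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:6].hex()


# Constructed sample frame: dst MAC, src MAC, Ethertype 0x0800, no payload.
SAMPLE_FRAME = bytes.fromhex("00138084ac40" "0024d64963da" "0800")

if __name__ == "__main__":
    for form in ("00:13:80:84:ac:40", "00 13 80 84 ac 40",
                 "0013.8084.ac40", "00138084ac40"):
        value = mac_to_int(form)
        verdict = "fits" if fits(value, ETHER_FIELD_MAX) else "exceeds 65535"
        print(f"{form:20} -> {normalize_mac(form)} = {value} ({verdict})")
    print("10.20.30.40 ->", ipv4_to_int("10.20.30.40"))
    print("frame dst   ->", dest_mac_of(SAMPLE_FRAME))
```

Every notation reduces to the same six bytes at the start of the frame, and the 48-bit value is outside the 16-bit range the `eq` help shows for dest-mac, while the Ethertype and IPv4 values fall inside theirs.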
