Hi folks, this task asks that UDP packets destined for port 50 with a TTL of less than 3 are dropped without using an ACL - i.e. FPM. The DSG answer works fine, but my answer does not, any ideas what I have screwed up here? I've tried both hex and decimal values for the protocol and port number (DSG uses decimal) but neither works. BTW, I realise this doesn't address the TTL requirement yet, but I can't even get the protocol and port matching to work:
load protocol system:/fpm/phdf/ip.phdf load protocol system:/fpm/phdf/udp.phdf ! class-map type access-control match-all CMACCESSCON_UDP50 match field UDP dest-port eq 50 class-map type stack match-all CMSTACK_IP-UDP match field IP protocol eq 17 next UDP ! policy-map type access-control PMAPACCESSCON_UDP50 class CMACCESSCON_UDP50 drop log policy-map type access-control PMAPACCESSCON_PARENT class CMSTACK_IP-UDP log service-policy PMAPACCESSCON_UDP50 ! interface Serial1/1 service-policy type access-control input PMAPACCESSCON_PARENT ! Cheers :)
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
