Thanks Tyson, did not know that. Cristian, here's an interesting thread on the subject:
https://learningnetwork.cisco.com/thread/9076 Jerome On Mon, Feb 14, 2011 at 7:44 AM, Tyson Scott <[email protected]> wrote: > It won't work on the sub interface. Try it using a physical interface. > > Regards, > > Tyson Scott > CCIE # 13513 (R&S, Security, SP) > Managing Partner/Technical Instructor - IPexpert Inc. > [email protected] > > > ----- Reply message ----- > From: "cristian venegas" <[email protected]> > Date: Sun, Feb 13, 2011 1:36 pm > Subject: [OSL | CCIE_Security] Whats wrong with this FPM? > To: "[email protected]" <[email protected] > > > > Folks, > > Im doing a mini-lab to see if i understood FPM correctly. Basically, i want > to drop all web traffic. Can anybody confirm if this is correct? For some > reason its not working. > > class-map type stack match-all cm_1 > match field IP protocol eq 6 next TCP > class-map type access-control match-all cm_2 > match field TCP dest-port eq 80 > ! > policy-map type access-control pm_2 > class cm_2 > log > drop > policy-map type access-control pm_1 > class cm_1 > service-policy pm_2 > ! > interface FastEthernet0/0.20 > ip address 10.20.20.2 255.255.255.0 > service-policy type access-control input pm_1 > > Thanks! > > Regards, > Cristian > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
