The reason it doesn't work on the sub-interface is because the 4 byte VLAN header offsets the packet which makes the PHDF files no longer accurate. You can recreate the PHDF files with a VLAN header field and offset the fields to fix this.
So it isn't that it doesn't work. It is that the files aren't accurate when you add an additional VLAN header. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: Mark Senteza [mailto:[email protected]] Sent: Sunday, February 13, 2011 8:27 PM To: cristian venegas Cc: Tyson Scott; [email protected] Subject: Re: [OSL | CCIE_Security] Whats wrong with this FPM? Didnt know that either. Learn something everyday on this forum I'll say !!! On Sun, Feb 13, 2011 at 2:03 PM, cristian venegas <[email protected]> wrote: Tyson, Excellent, thanks for the help. The physical interface worked just fine. Regards Cristian On Sun, Feb 13, 2011 at 5:44 PM, Tyson Scott <[email protected]> wrote: It won't work on the sub interface. Try it using a physical interface. Regards, Tyson Scott CCIE # 13513 (R&S, Security, SP) Managing Partner/Technical Instructor - IPexpert Inc. [email protected] ----- Reply message ----- From: "cristian venegas" <[email protected]> Date: Sun, Feb 13, 2011 1:36 pm Subject: [OSL | CCIE_Security] Whats wrong with this FPM? To: "[email protected]" <[email protected]> Folks, Im doing a mini-lab to see if i understood FPM correctly. Basically, i want to drop all web traffic. Can anybody confirm if this is correct? For some reason its not working. class-map type stack match-all cm_1 match field IP protocol eq 6 next TCP class-map type access-control match-all cm_2 match field TCP dest-port eq 80 ! policy-map type access-control pm_2 class cm_2 log drop policy-map type access-control pm_1 class cm_1 service-policy pm_2 ! interface FastEthernet0/0.20 ip address 10.20.20.2 255.255.255.0 service-policy type access-control input pm_1 Thanks! Regards, Cristian _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com <http://www.ipexpert.com/> _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
