Hi all FPM will not work with with Ethernet sub-interface, serial interface and Serial Sub-interface. I did some investigation and following is result: The same is applicable to serial and serial sub-interfaces.
When you apply FPM involved with stack class-maps, FPM will not work with Ethernet sub-interface, serial interface and Serial Sub-interface. Following are samples in which first one directly applies the stack policy map to the interface. class-map type stack match-all fpm match field IP protocol eq 6 next TCP policy-map type access-control fpm class fpm drop interface gigabitEthernet 0/0* *service-policy type access-control fpm class-map type stack match-all iptcp match field IP protocol eq 6 next TCP class-map type access-control match-all syn match field TCP control-bits eq 2 mask 0x3D policy-map type access-control syn class syn drop policy-map type access-control iptcp class iptcp service-policy syn interface gigabitEthernet 0/0* *service-policy type access-control iptcp When you apply FPM involved with access-control control-map directly, FPM will work with with Ethernet sub-interface, serial interface and Serial Sub-interface. Following are two samples: class-map type access-control match-any frag match field IP flags eq 1 mask 0x6 match field IP fragment-offset gt 0 policy-map type access-control frag class frag drop interface gigabitEthernet 0/0* *service-policy type access-control frag With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
