Hi Kings, I see you have used physical interface in both examples. I think you must not use PHDF when you want to apply FPM on sub-interface.
Regards, Piotr 2011/6/18 Kingsley Charles <[email protected]> > Hi all > > FPM will not work with with Ethernet sub-interface, serial interface and > Serial Sub-interface. I did some investigation and following is result: The > same is applicable to serial and serial sub-interfaces. > > When you apply FPM involved with stack class-maps, FPM will not work with > Ethernet sub-interface, serial interface and Serial Sub-interface. Following > are samples in which first one directly applies the stack policy map to the > interface. > > > class-map type stack match-all fpm > match field IP protocol eq 6 next TCP > policy-map type access-control fpm > class fpm > drop > interface gigabitEthernet 0/0* > *service-policy type access-control fpm > > class-map type stack match-all iptcp > match field IP protocol eq 6 next TCP > class-map type access-control match-all syn > match field TCP control-bits eq 2 mask 0x3D > policy-map type access-control syn > class syn > drop > policy-map type access-control iptcp > class iptcp > service-policy syn > interface gigabitEthernet 0/0* > *service-policy type access-control iptcp > > > When you apply FPM involved with access-control control-map directly, FPM > will work with with Ethernet sub-interface, serial interface and Serial > Sub-interface. Following are two samples: > > class-map type access-control match-any frag > match field IP flags eq 1 mask 0x6 > match field IP fragment-offset gt 0 > policy-map type access-control frag > class frag > drop > interface gigabitEthernet 0/0* > *service-policy type access-control frag > > > With regards > Kings > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
