Hi Piotr Thanks for pointing it out. That was a typo, it is an Ethernet Sub-interface only. For Serial main interface also the issue in seen.
Wit regards Kings On Mon, Jun 20, 2011 at 5:41 PM, Piotr Matusiak <[email protected]> wrote: > Hi Kings, > > I see you have used physical interface in both examples. I think you must > not use PHDF when you want to apply FPM on sub-interface. > > Regards, > Piotr > > > 2011/6/18 Kingsley Charles <[email protected]> > >> Hi all >> >> FPM will not work with with Ethernet sub-interface, serial interface and >> Serial Sub-interface. I did some investigation and following is result: The >> same is applicable to serial and serial sub-interfaces. >> >> When you apply FPM involved with stack class-maps, FPM will not work with >> Ethernet sub-interface, serial interface and Serial Sub-interface. Following >> are samples in which first one directly applies the stack policy map to the >> interface. >> >> >> class-map type stack match-all fpm >> match field IP protocol eq 6 next TCP >> policy-map type access-control fpm >> class fpm >> drop >> interface gigabitEthernet 0/0* >> *service-policy type access-control fpm >> >> class-map type stack match-all iptcp >> match field IP protocol eq 6 next TCP >> class-map type access-control match-all syn >> match field TCP control-bits eq 2 mask 0x3D >> policy-map type access-control syn >> class syn >> drop >> policy-map type access-control iptcp >> class iptcp >> service-policy syn >> interface gigabitEthernet 0/0* >> *service-policy type access-control iptcp >> >> >> When you apply FPM involved with access-control control-map directly, FPM >> will work with with Ethernet sub-interface, serial interface and Serial >> Sub-interface. Following are two samples: >> >> class-map type access-control match-any frag >> match field IP flags eq 1 mask 0x6 >> match field IP fragment-offset gt 0 >> policy-map type access-control frag >> class frag >> drop >> interface gigabitEthernet 0/0* >> *service-policy type access-control frag >> >> >> With regards >> Kings >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
