I see this issue on every sub-interface. It works when I not rely on phdf structure.
2011/6/20 Kingsley Charles <[email protected]> > Hi Piotr > > Thanks for pointing it out. That was a typo, it is an Ethernet > Sub-interface only. For Serial main interface also the issue in seen. > > > > Wit regards > Kings > > > On Mon, Jun 20, 2011 at 5:41 PM, Piotr Matusiak <[email protected]> wrote: > >> Hi Kings, >> >> I see you have used physical interface in both examples. I think you must >> not use PHDF when you want to apply FPM on sub-interface. >> >> Regards, >> Piotr >> >> >> 2011/6/18 Kingsley Charles <[email protected]> >> >>> Hi all >>> >>> FPM will not work with with Ethernet sub-interface, serial interface and >>> Serial Sub-interface. I did some investigation and following is result: The >>> same is applicable to serial and serial sub-interfaces. >>> >>> When you apply FPM involved with stack class-maps, FPM will not work with >>> Ethernet sub-interface, serial interface and Serial Sub-interface. Following >>> are samples in which first one directly applies the stack policy map to the >>> interface. >>> >>> >>> class-map type stack match-all fpm >>> match field IP protocol eq 6 next TCP >>> policy-map type access-control fpm >>> class fpm >>> drop >>> interface gigabitEthernet 0/0* >>> *service-policy type access-control fpm >>> >>> class-map type stack match-all iptcp >>> match field IP protocol eq 6 next TCP >>> class-map type access-control match-all syn >>> match field TCP control-bits eq 2 mask 0x3D >>> policy-map type access-control syn >>> class syn >>> drop >>> policy-map type access-control iptcp >>> class iptcp >>> service-policy syn >>> interface gigabitEthernet 0/0* >>> *service-policy type access-control iptcp >>> >>> >>> When you apply FPM involved with access-control control-map directly, FPM >>> will work with with Ethernet sub-interface, serial interface and Serial >>> Sub-interface. Following are two samples: >>> >>> class-map type access-control match-any frag >>> match field IP flags eq 1 mask 0x6 >>> match field IP fragment-offset gt 0 >>> policy-map type access-control frag >>> class frag >>> drop >>> interface gigabitEthernet 0/0* >>> *service-policy type access-control frag >>> >>> >>> With regards >>> Kings >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com >>> >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
