A way to remember that DF goes before MF is that D goes before M in the alphabet. Not the ideal way of remembering things, but there you go :-)
On 4 June 2012 15:37, Eugene Pefti <[email protected]> wrote:
> Sorry, didn't mean to send it yet. Starting it all over:
>
> If you don't mind, guys, I'd start some sort of compilation of FPM
> related knowledge here, specifically that we need to know and which is not
> easily available as a reference in Cisco docs.
>
> 1. Protocol numbers. So far we have to remember only three numbers
> (mostly) - 1 (ICMP), 6 (TCP), 17 (UDP)
> An accompanying question, is it good to specify them in decimal when
> defining the stack type class-map, i.e. I want to match for UDP protocol in
> the IP header
> class-map type stack IP-UDP-CLASS
>  match field IP protocol eq 17 next UDP
>
> And another one, is mask a loose parameter that can always be left off
> here?
>
> 2. I found that I can't retain in my head what goes first in the Flags
> field of IP header, DF or MF. Is there any reference in Cisco docs that
> could be looked up during the exam?
> Let's take Mike's example with fragmented packets. King's solution is as
> follows (I quote it):
>
> You should match packets with FO>0 and Flags = 1.
>
> For the first packet FO=0 and Flags=1
> For other packets FO>0
> For the last packet FO>0 and flags will be 1.
>
> Hence the following is the solution.
>
> rtr(config)# class-map type access-control match-any fragudp
> rtr(config-cmap)# match field ip flags eq 1 mask 6
> rtr(config-cmap)# match field ip fragment-offset gt 0
>
> 2.1 When you say "Flags=1" in the first line what flag do you mean?
> I'd assume MF (More Fragments).
> 2.2 When you mention flags in the third line as should be set to 1
> again, what flags did you mean, MF or DF? If MF, why would IP stack care
> about MF in the last packet?
> 2.3 You say that we have to match for packets with FO>0 and Flags=1,
> why does the class-map have "match-any" option?
> 2.4 If I were to match on DF flag then I'd need to set mask to 5? Are
> there any conditions that I'd need to care and be prepared to match for the
> DF flag?
>
> Enough for now ;)
>
> Eugene
>
> From: Eugene Pefti <[email protected]>
> Date: Sunday, June 3, 2012 10:09 PM
> To: Mike Rojas <[email protected]>, "[email protected]" <[email protected]>, "[email protected]" <[email protected]>
> Subject: Re: [OSL | CCIE_Security] FPM ICMP large Packets
>
> I feel sorry for you, Mike, but I know that you like all others here
> will definitely do it next time.
> I start feeling that FPM is the most intimidating subject on the exam ;)
>
> If you don't mind, guys, I'd start some kind of compilation of FPM related
> knowledge here, specifically that we need to know and which is not easily
> available as a reference in Cisco docs.
>
> 1. Protocol numbers. So far we have to remember only three numbers
> (mostly) - 1 (ICMP), 6 (TCP), 17 (UDP)
>
> From: Mike Rojas <[email protected]>
> Date: Sunday, June 3, 2012 2:25 PM
> To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]>
> Subject: Re: [OSL | CCIE_Security] FPM ICMP large Packets
>
> Oh no Kings, I failed it because I suck at it... I got an FPM question
> where you had to do something about the ICMP packet size... I was looking for a
> question more like finding something inside of the payload... some you win
> some you lose...
>
> Cheers!
>
> Mike
>
> ------------------------------
> Date: Sun, 3 Jun 2012 10:56:59 +0530
> Subject: Re: [OSL | CCIE_Security] FPM ICMP large Packets
> From: [email protected]
> To: [email protected]
>
> Mike, did you fail in the CCIE lab? And is it due to the wrong solution of
> FPM?
>
> With regards
> Kings
>
> On Sun, Jun 3, 2012 at 3:08 AM, Mike Rojas <[email protected]> wrote:
>
> I just want to recall one of the Replies from Kingsley... BTW I failed
> the test....
>
> http://onlinestudylist.com/archives/ccie_security/2012-February/029078.html
>
> Mike
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com <http://www.platinumplacement.com/>
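The flag bit order discussed in this thread (reserved, DF, MF, followed by the 13-bit fragment offset) and the way the quoted `fragudp` class-map evaluates against each fragment of a datagram, as an added example that is not part of any message in the thread. It assumes that FPM's `mask` marks the bits to ignore, as the `eq 1 mask 6` usage implies; the function names and sample headers are constructed for illustration.

```python
import struct

# IPv4 header bytes 6-7: 3 flag bits (reserved, DF, MF), then a 13-bit fragment offset.
RESERVED, DF, MF = 0b100, 0b010, 0b001

def parse_frag_field(ip_header: bytes):
    """Return (flags, fragment_offset) from a raw IPv4 header."""
    if len(ip_header) < 20:
        raise ValueError("IPv4 header is at least 20 bytes")
    (word,) = struct.unpack("!H", ip_header[6:8])
    return word >> 13, word & 0x1FFF

def masked_eq(value, want, mask, width=3):
    """Assumed FPM semantics: bits set in `mask` are ignored, the rest must equal `want`."""
    care = ~mask & ((1 << width) - 1)
    return (value & care) == (want & care)

def fragudp_matches(ip_header: bytes) -> bool:
    """match-any: 'flags eq 1 mask 6' OR 'fragment-offset gt 0'."""
    flags, offset = parse_frag_field(ip_header)
    return masked_eq(flags, 1, 6) or offset > 0

def make_header(flags, offset):
    """Constructed sample header: only the flags/offset word and protocol (17) matter here."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234,
                       (flags << 13) | offset, 64, 17, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))

# Constructed samples: one unfragmented packet and the three fragments of one datagram.
SAMPLES = {
    "unfragmented, DF set": make_header(DF, 0),
    "first fragment": make_header(MF, 0),
    "middle fragment": make_header(MF, 185),   # offset is counted in 8-byte units
    "last fragment": make_header(0, 370),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        flags, off = parse_frag_field(hdr)
        print(f"{name:22} flags={flags:03b} FO={off:4} match={fragudp_matches(hdr)}")
```

In these samples the first fragment matches only through the flags condition and the last fragment only through the fragment-offset condition, so both conditions are needed under `match-any` to cover every fragment.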
