I guess it worked. Need to check. For "FFFF", 2 bytes is the size.
Since I got inconsistent results, I tried with 1500 to increase the scope for search. With regards Kings On Wed, Jul 11, 2012 at 6:50 AM, Eugene Pefti <[email protected]>wrote: > Hi Kings, > I came across the thread you started sometime in 2010. Your problem was > with filtering ICMP with a specific data pattern. > The stumbling point was the size after the offset in the access-control > class-map: > > Your original class definition was as follows: > > class-map type access-control match-any ac > match start ICMP payload-start offset 0 size 1500 string "FFFF" > class-map type stack match-all sc > match field IP protocol eq 1 next ICMP > > Then you said that the size should be 2 because FFFF is two bytes. Have > you tested it and it worked for you? > > I'm trying to do exactly the same and it doesn’t seem to work > > class-map type access-control match-all ICMP-FILTER-CM > match start ICMP payload-start offset 0 size 2 string "FFFF" > class-map type stack match-all IP-ICMP-STACK-CM > match field IP protocol eq 1 next ICMP > > policy-map type access-control ICMP-FILTER-PM > class ICMP-FILTER-CM > drop > policy-map type access-control FPM-IF-PM > class IP-ICMP-STACK-CM > service-policy ICMP-FILTER-PM > > Interface Fa0/0 > service-policy type access input FPM-IF-PM > > Eugene >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
