Re: [OSL | CCIE_Security] FPM and ICMP

[Eugene Pefti]

If we need to replace the string FFFF with HEX 0xFFFF in the class-map similar 
to this then there's still no luck. I don't have any packets matching 
ICMP-FILTER-CM class-map.

class-map type access-control match-all ICMP-FILTER-CM
 match start ICMP payload-start offset 0 size 2 eq 0xFFFF

R6(config)#do sh policy-map type acces inter Fa0/0
 FastEthernet0/0

  Service-policy access-control input: FPM-IF-PM

    Class-map: IP-ICMP-STACK-CM (match-all)
      30 packets, 3420 bytes
      5 minute offered rate 0 bps
      Match: field IP protocol eq 1 next ICMP

      Service-policy access-control : ICMP-FILTER-PM

        Class-map: ICMP-FILTER-CM (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps
          Match: start ICMP payload-start offset 0 size 2 eq 0xFFFF
      drop

        Class-map: class-default (match-any)
          10 packets, 1140 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any

From: Kingsley Charles 
<kingsley.char...@gmail.com<mailto:kingsley.char...@gmail.com>>
Date: Tuesday, July 10, 2012 11:56 PM
To: Karthik sagar <kar....@gmail.com<mailto:kar....@gmail.com>>
Cc: Eugene Pefti <eug...@koiossystems.com<mailto:eug...@koiossystems.com>>, 
"ccie_security@onlinestudylist.com<mailto:ccie_security@onlinestudylist.com>" 
<ccie_security@onlinestudylist.com<mailto:ccie_security@onlinestudylist.com>>
Subject: Re: [OSL | CCIE_Security] FPM and ICMP

Use 0xFFFF not "FFFF"

With regards
Kings

On Wed, Jul 11, 2012 at 11:35 AM, Karthik sagar 
<kar....@gmail.com<mailto:kar....@gmail.com>> wrote:
Kings,

When you say "For "FFFF", 2 bytes is the size", what exactly do you mean ?

Because my router throws this error when i try to configure size = 2

R1(config)#class-map type access-control match-all ICMP-FILTER-CM
R1(config-cmap)#match start ICMP payload-start offset 0 size 2 string "FFFF"
% Error - string specified is longer than the search space specified

Also, FFFF to be 2 bytes, that means each 'F' needs 4 bits to represent. We are 
thinking  F as a HEX value ? Strings cannot be read as hex, can they? How will 
you represent a string like "USER" then ?

Regards,
Karthik


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com