Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem in defining Class-map

Hi

we r using a 3662 with ios c3660-ik8s-mz.122-3.bin.

i m tyring to use the workaround given in cisco site to avoid Nachi worm.but i could able to define some options which is listed in cisco site.can any one pls let me know is ther any equivalent command or value ??

im getting the following output under class map.i m not geting any thing like match packet length/length so that i can match the packet length.

pls help me with some solution...

01(config-cmap)#match ?

access-group Access group

any Any packets

class-map Class map

cos IEEE 802.1Q/ISL class of service/user priority value

destination-address Destination address

input-interface Select an input interface to match

ip IP specific values

mpls Multi Protocol Label Switching specific values

not Negate this match result

protocol Protocol

qos-group Qos-group

source-address Source address

regds

prem

2 REPLIES
Silver

Re: Problem in defining Class-map

I think the workaround is using a route-map not a class map

access-list 199 permit icmp any any echo

access-list 199 permit icmp any any echo-reply

route-map nachi-worm permit 10

! --- match ICMP echo requests and replies (type 0 & 8)

match ip address 199

! --- match 92 bytes sized packets

match length 92 92

! --- drop the packet

set interface Null0

Re: Problem in defining Class-map

Class maps are used to define a traffic class, but not based on packet length. You will have to use a route map instead.

105
Views
0
Helpful
2
Replies
CreatePlease to create content