Problem in defining Class-map

spremkumar · ‎08-28-2003

Hi

we r using a 3662 with ios c3660-ik8s-mz.122-3.bin.

i m tyring to use the workaround given in cisco site to avoid Nachi worm.but i could able to define some options which is listed in cisco site.can any one pls let me know is ther any equivalent command or value ??

im getting the following output under class map.i m not geting any thing like match packet length/length so that i can match the packet length.

pls help me with some solution...

01(config-cmap)#match ?

access-group Access group

any Any packets

class-map Class map

cos IEEE 802.1Q/ISL class of service/user priority value

destination-address Destination address

input-interface Select an input interface to match

ip IP specific values

mpls Multi Protocol Label Switching specific values

not Negate this match result

protocol Protocol

qos-group Qos-group

source-address Source address

regds

prem

deilert · ‎08-28-2003

I think the workaround is using a route-map not a class map

access-list 199 permit icmp any any echo

access-list 199 permit icmp any any echo-reply

route-map nachi-worm permit 10

! --- match ICMP echo requests and replies (type 0 & 8)

match ip address 199

! --- match 92 bytes sized packets

match length 92 92

! --- drop the packet

set interface Null0

thisisshanky · ‎08-28-2003

Class maps are used to define a traffic class, but not based on packet length. You will have to use a route map instead.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus