Cisco Cisco IOS Software Release 12.4(4)T

Flexible Packet Matching

How to Configure a Flexible Packet Matching Traffic Class and Traffic Policy

Cisco IOS Security Configuration Guide

How to Configure a Flexible Packet Matching Traffic Class and
Traffic Policy

This section contains the following procedures that should be followed when configuring a FPM traffic
class and traffic policy within your network:

•

Creating a Traffic Class for Flexible Packet Matching, page 5

•

Creating a Traffic Policy for Flexible Packet Matching, page 7

Creating a Traffic Class for Flexible Packet Matching

Perform this task to create an FPM traffic class; that is, create a stateless packet classification criteria
that, when used in conjunction with an appropriately defined policy, can mitigate network attacks.

SUMMARY STEPS

enable

configure terminal

load protocol location:filename

class-map [type {stack | access-control}] class-map-name [match-all | match-any]

description character-string

match field protocol protocol-field {eq [mask] | neq [mask] | gt | lt | range range | regex string}
value [next next-protocol]

match start {l2-start | l3-start} offset number size number
{eq | neq | gt | lt | range range | regex string} value [value2]

exit

show class-map [type {stack | access-control}] [class-map-name]

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•

Enter your password if prompted.

Step 2

configure

terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

load protocol

location:filename

Example:

Router(config)# load protocol disk2:udp.phdf

(Optional) Loads a PHDF onto a router.

•

The specified location must be local to the router.

Note

If a PHDF is not loaded, only the match start
command can be used; that is, you cannot issue the
match field command.