match length not working

Discussion in 'Cisco' started by Rickie, Dec 10, 2003.

  1. Rickie

    Rickie Guest

    I am trying to implement the policy, base on the cisco documentation.
    However, I cannot use the command 'match length', it said invalid input
    detected...
    I am using IOS 12.0(4). Any hints for me?? Thanks.
     
    Rickie, Dec 10, 2003
    #1
    1. Advertisements

  2. :I am trying to implement the policy, base on the cisco documentation.
    :However, I cannot use the command 'match length', it said invalid input
    :detected...
    :I am using IOS 12.0(4). Any hints for me?? Thanks.

    'match length' has been generally supported since at least 11.3ED.
    I see a reference to it in 12.0.

    What hardware are you using, and what feature set? I'm not sure
    that it is supported on all hardware. Also, what do you see
    if you put in 'match ?' (that is, the question mark after match):
    what options does it list as being valid at that point?
     
    Walter Roberson, Dec 10, 2003
    #2
    1. Advertisements

  3. Rickie

    Rickie Guest

    Hi,

    I am trying to put in the script to stop the icmp traffic (to prevent the
    worm attack). I follow the Cisco documtation (Nachi Worm Mitigration), I
    managed to key in 'match ip address 199', but I cannot key command 'match
    length 92 92'. It said that 'invalid input detected...' and I stopped here.

    I am using Cisco router 805, with IOS 12.0(4). Hope you can advise. Thanks.

    Rgds,


    form!
     
    Rickie, Dec 11, 2003
    #3
  4. :I am trying to put in the script to stop the icmp traffic (to prevent the
    :worm attack). I follow the Cisco documtation (Nachi Worm Mitigration), I
    :managed to key in 'match ip address 199', but I cannot key command 'match
    :length 92 92'. It said that 'invalid input detected...' and I stopped here.

    :I am using Cisco router 805, with IOS 12.0(4). Hope you can advise. Thanks.

    According to the release notes,
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/relnote/800ser/rn800xm.htm

    the 805 only supports policy routing with the 'IP PLUS' or
    'IP/IPX PLUS' feature set, and not with IP or IP FW.


    It appears that you bought the very first release that supported
    the 805 at all, 12.0(4)XM, and never upgraded.

    As I read the 12.0(4)XM Release Summary, and the IOS IPv4 DoS attack
    notice,

    http://www.cisco.com/en/US/products/sw/iosswrel/ps5014/products_tech_note09186a008014862a.shtml

    http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

    you could possibly argue Cisco into giving you a free upgrade to
    12.0(7)T3, but only within the same feature set. In 12.0(7)T,
    you still need a feature set that includes PLUS in order to support
    policy based routing on the 805.

    http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/relnote/800ser/rn800t.htm#13452
     
    Walter Roberson, Dec 11, 2003
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.