13.45 Netflow Top Talkers -- "match only tcp and icmp"?

Reviewing IP Services section (WB-I).  I do not see any other threads on this, so I am doubting myself.   Is there a trick to this bullet-point, or error in workbook?

  • Match only TCP and ICMP flows coming from......

Solution says    match protocol 1  (icmp).    But this implicitly voids TCP (protocol 6) also.  

 

Three other variations do not work either:

  • cannot give two config lines to match protocol 1 AND match protocol TCP
  • changing it to  match protocol tcp   does the opposite (voids ICMP)   
  • It works if we remove the   no match protocol   but then it allows UDP.

 

Thanks for any help with this.

Edit:   ticket created

 

Comments

  • You could create ACL then match it in a class-map and then use the class-map in the top-talkers. In any case - either the solution or the question is wrong.

  • There must be some error or there's something missing with this one.  I tried these combinations and none of them seem to work:

    1. Numbered ( 100 - 199 ) Extended ACL matching ICMP only with Class-Map
    2. Numbered ( 100 - 199 ) Extended ACL matching ICMP only from source 155.1.0.0/16 with Class-Map
    3. Numbered ( 100 - 199 ) Extended ACL matching TCP only with Class-Map
    4. Numbered ( 100 - 199 ) Extended ACL matching TCP only from source 155.1.0.0/16 with Class-Map
    5. Numbered ( 100 - 199 ) Extended ACL matching "any" with Class-Map
    6. Class-Map with match "any"
    7. Inside Top-Talkers Config - matching the protocols inside the Class-Map and configuring the source within top-talkers config

     

    I tried all the combinations my mind came with and none of them work.  Only match protocol x or y directly inside the top-talker config.  As soon as you enter match "Class-Map" even with match any, the "show flow top-talkers" output stops showing stats..

    I'm not going to give to much emphasis on this one, but I'm sure there is an explanation to this and any help is welcomed.

  • Just a quick note,

    Since matching a class-map under top-talkers config didn't work I configured a class-map and applied it to a policy-map/flow-sampler and then to the interface. 

    That worked.  I know the flow-sampler is another feature, but might be viable as a solution I think.

    Still, I haven't found more information about why the class-map matching doesn't work even with a "any" statement in it.

Sign In or Register to comment.