From: Tim Szigeti (szigeti@xxxxxxxxx)
Date: Thu Dec 06 2001 - 00:22:30 GMT-3
Make sure you have enabled ip cef. Without CEF, the NBAR commands are
entered into the config, but will have no effect.
-tim
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Frank Kim
> Sent: Tuesday, December 04, 2001 4:22 PM
> To: ccielab@groupstudy.com
> Subject: Filtering using NBAR
>
>
> Folks,
> Has anyone actually got NBAR filtering working? I have the
> below configured on my router and it doesn't seem to work.
> This is a config I copied from one of us in this group awhile
> ago. Also, please advise if
> *.exe* is a mime-type. I thought mime-types are something
> like Media/Audio....
>
> Here is my config. Thanks for any help.
>
> ###############################################################
> class-map match-any http-hacks
> match protocol http url "*default.ida*"
> match protocol http url "*.ida*"
> match protocol http url "*cmd.exe*"
> match protocol http url "*readme.exe*"
> match protocol http url "*root.exe*"
> match protocol http url "*_vti_bin*"
> match protocol http url "*_mem_bin*"
> match protocol http url "*.eml*"
> match protocol http url "*.exe*"
> match protocol http mime ".exe"
> match protocol http mime ".pif"
> match protocol http mime ".scr"
>
>
> policy-map mark-inbound-http-hacks
> class http-hacks
> set ip dscp 1
>
>
> interface FastEthernet0/0/0
> ip address 192.168.1.1 255.255.255.0
> ip access-group 100 in
> no ip route-cache distributed
> full-duplex
> service-policy input mark-inbound-http-hacks
> no cdp enable
>
>
> access-list 100 deny ip any any dscp 1 log
> access-list 100 permit ip any any
> ##############################################
>
>
>
> -Frank
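The failure Tim points out is silent: IOS accepts the NBAR class-map lines and the policy-map without complaint, and nothing marks or drops traffic until `ip cef` is present. The following Python script is an added example, not code from the thread or from Cisco; it is a small lint for a saved IOS config that walks the chain in Frank's posting (class-map with `match protocol` -> policy-map `set ip dscp` -> `service-policy input` on an interface -> `access-list ... deny ... dscp`) and reports the gaps that would leave the filter doing nothing. The sample config is constructed from the one in the thread with `ip cef` left out so the check fires; the function and finding texts are the example's own.

```python
import re

# Constructed sample, adapted from the config in the thread with "ip cef"
# deliberately absent so the check fires (not a real device dump).
SAMPLE_CONFIG = """\
class-map match-any http-hacks
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
 match protocol http mime ".exe"
policy-map mark-inbound-http-hacks
 class http-hacks
  set ip dscp 1
interface FastEthernet0/0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 100 in
 service-policy input mark-inbound-http-hacks
access-list 100 deny ip any any dscp 1 log
access-list 100 permit ip any any
"""


def parse_blocks(config):
    """Split IOS-style text into (top-level line, [indented child lines]).
    Blank lines and '!' comment lines are ignored."""
    blocks = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0] not in " \t":
            blocks.append((line, []))
        elif blocks:
            blocks[-1][1].append(line)
    return blocks


def check_nbar_policy(config):
    """Return a list of findings explaining why NBAR marking/blocking could
    be silently ineffective. An empty list means the chain looks complete."""
    blocks = parse_blocks(config)
    top = [h for h, _ in blocks]
    findings = []

    # 1. NBAR classification only takes effect with CEF switching enabled.
    class_names = {h.split()[-1] for h in top if h.startswith("class-map")}
    uses_nbar = any(c.startswith("match protocol")
                    for h, kids in blocks if h.startswith("class-map")
                    for c in kids)
    if uses_nbar and "ip cef" not in top:
        findings.append("NBAR 'match protocol' is used but 'ip cef' is not configured; "
                        "the class-maps are accepted yet never match traffic")

    # 2. Policy-maps must reference defined class-maps; record the DSCP
    #    values each policy sets so the ACL can be checked against them.
    marks = {}
    for h, kids in blocks:
        if not h.startswith("policy-map"):
            continue
        name = h.split()[-1]
        marks[name] = set()
        for c in kids:
            if c.startswith("class "):
                cls = c.split()[1]
                if cls != "class-default" and cls not in class_names:
                    findings.append(f"{h}: references undefined class-map '{cls}'")
            m = re.match(r"set ip dscp (\S+)$", c)
            if m:
                marks[name].add(m.group(1))

    # 3. Interfaces: the policy-map must exist and the ACL needs in/out.
    applied = set()        # DSCP values set by policies actually applied
    acls_in_use = {}
    for h, kids in blocks:
        if not h.startswith("interface"):
            continue
        for c in kids:
            m = re.match(r"service-policy (input|output) (\S+)$", c)
            if m:
                if m.group(2) not in marks:
                    findings.append(f"{h}: service-policy references undefined "
                                    f"policy-map '{m.group(2)}'")
                else:
                    applied |= marks[m.group(2)]
            m = re.match(r"ip access-group (\S+)(?: (\S+))?$", c)
            if m:
                acl, direction = m.group(1), m.group(2)
                if direction not in ("in", "out"):
                    findings.append(f"{h}: '{c}' needs a direction of 'in' or 'out'")
                acls_in_use[acl] = h

    # 4. Deny-by-DSCP entries must use a value some applied policy-map sets.
    for h in top:
        m = re.match(r"access-list (\S+) deny .* dscp (\S+)", h)
        if m and m.group(1) in acls_in_use and m.group(2) not in applied:
            findings.append(f"{h}: denies dscp {m.group(2)} but no applied "
                            f"policy-map sets it")

    return findings


if __name__ == "__main__":
    for finding in check_nbar_policy(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the sample it reports only the missing `ip cef`; prepend `ip cef` and it reports nothing. It also catches the malformed `ip access-group 100 1` line as it appeared in the archived post, since IOS needs an explicit `in` or `out` there. The checks are deliberately textual (string match on the DSCP value) and do not model IOS order of operations, so an empty result means the pieces are all present and consistent, not that the device has been verified end to end.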
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:39 GMT-3