From: Dmitry Volkov (dmitry.volkov@rogers.com)
Date: Thu Jan 22 2004 - 16:34:44 GMT-3
Hi,
If I want to use NBAR with class-based policing against stuff like Code Red,
is it enough to have this?:
Router(config)#class-map match-any http-hacks
Router(config-cmap)#match protocol http url "*default.ida*"
Router(config-cmap)#match protocol http url "*cmd.exe*"
Router(config-cmap)#match protocol http url "*root.exe*"
Router(config)#policy-map drop-inbound-http-hacks
Router(config-pmap)#class http-hacks
Router(config-pmap-c)#police 1000000 31250 31250 conform-action drop exceed-action drop violate-action drop
Router(config)#interface serial 0/0
Router(config-if)#description OUTSIDE INTERFACE
Router(config-if)#service-policy input drop-inbound-http-hacks
The example here:
http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00800fc176.shtml#methodc
looks strange: the description of steps 1)-5) contradicts the config they
show...
They talk about two policies: inbound on the outside interface for
classification of traffic and outbound for policing:
"Note that you must apply a separate policy to the outbound interface. You
cannot apply a single policy that both marks the "Code Red" packets and
drops them"
but the config depicts inbound policing on the outside interface; why do I need
to mark them when I just want to drop...
Is the config above correct??
Thank you
Dmitry
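As an added example, not code from the original post or from the Cisco note, here is a small Python model of the class-map and policer in the config above. The NBAR URL globs are turned into regexes, and the `police 1000000 31250 31250` command is modelled as an RFC 2697-style single-rate three-colour token bucket; that bucket model, the request-line parsing, and the sample requests and packet sizes are all assumptions made for this example, not a reproduction of IOS internals. Run over the constructed traffic it shows three things: with conform, exceed and violate all set to drop, nothing in the class is forwarded whatever the rate values are; a `conform-action transmit` would instead forward worm requests that stay under the CIR; and the substring match `*default.ida*` also catches a benign URL that happens to contain that string.

```python
"""Offline model of the NBAR class-map plus class-based policer from the post.

Added example; not code from the original post or the Cisco note. Assumptions:
NBAR's "*" is modelled as "any run of characters" matched against the request
URL, the policer is an RFC 2697-style single-rate three-colour token bucket
(IOS internals are not reproduced), and the sample traffic is constructed.
"""
import re
from collections import Counter

# Patterns exactly as in the class-map on the page.
HTTP_HACK_PATTERNS = ["*default.ida*", "*cmd.exe*", "*root.exe*"]


def nbar_url_regex(pattern: str) -> "re.Pattern":
    """Translate a 'match protocol http url' glob into an anchored regex."""
    parts = [".*" if ch == "*" else re.escape(ch) for ch in pattern]
    return re.compile("".join(parts), re.IGNORECASE)


_COMPILED = [nbar_url_regex(p) for p in HTTP_HACK_PATTERNS]


def request_url(request_line: str) -> str:
    """Return the URL field of an HTTP request line ('GET /x HTTP/1.0' -> '/x')."""
    fields = request_line.split()
    return fields[1] if len(fields) >= 2 else ""


def matches_http_hacks(request_line: str) -> bool:
    """class-map match-any http-hacks: true if any pattern matches the URL."""
    url = request_url(request_line)
    return any(rx.fullmatch(url) for rx in _COMPILED)


class Policer:
    """police <cir bps> <bc bytes> <be bytes> with one action per colour."""

    def __init__(self, cir_bps: int, bc_bytes: int, be_bytes: int, actions: dict):
        self.cir_bps, self.bc, self.be = cir_bps, bc_bytes, be_bytes
        self.actions = actions           # colour -> "drop" | "transmit"
        self.tc = float(bc_bytes)        # committed bucket, starts full
        self.te = float(be_bytes)        # excess bucket, starts full
        self.last = 0.0

    def colour(self, size_bytes: int, now: float) -> str:
        """Refill at CIR, spill committed overflow into the excess bucket,
        then debit the first bucket that can cover the packet (RFC 2697 style)."""
        self.tc += (now - self.last) * self.cir_bps / 8.0
        self.last = now
        if self.tc > self.bc:
            self.te = min(float(self.be), self.te + self.tc - self.bc)
            self.tc = float(self.bc)
        if size_bytes <= self.tc:
            self.tc -= size_bytes
            return "conform"
        if size_bytes <= self.te:
            self.te -= size_bytes
            return "exceed"
        return "violate"

    def action(self, size_bytes: int, now: float) -> str:
        return self.actions[self.colour(size_bytes, now)]


def drop_policer() -> Policer:
    """The policer from the post: every colour is dropped, so the rate is moot."""
    return Policer(1_000_000, 31250, 31250,
                   {"conform": "drop", "exceed": "drop", "violate": "drop"})


def rate_limit_policer() -> Policer:
    """Contrast: conform-action transmit forwards worm requests under the CIR."""
    return Policer(1_000_000, 31250, 31250,
                   {"conform": "transmit", "exceed": "drop", "violate": "drop"})


# Constructed traffic: (seconds, request line, packet size in bytes).
SAMPLE_TRAFFIC = [
    (0.000, "GET /default.ida?NNNNNNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0", 1460),
    (0.001, "GET /scripts/root.exe?/c+dir HTTP/1.0", 200),
    (0.002, "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0", 220),
    (0.003, "GET /index.html HTTP/1.0", 180),
    (0.004, "GET /docs/default.idaho.html HTTP/1.0", 190),  # benign, still hits *default.ida*
]


def apply_service_policy(traffic, policer: Policer) -> list:
    """service-policy input: police packets in http-hacks, transmit class-default."""
    verdicts = []
    for now, line, size in traffic:
        if matches_http_hacks(line):
            verdicts.append((line, policer.action(size, now)))
        else:
            verdicts.append((line, "transmit"))
    return verdicts


def police_flood(policer: Policer, n_packets: int, size: int = 1460) -> dict:
    """Burst n worm-sized packets in the same instant; count the colours seen."""
    return dict(Counter(policer.colour(size, 0.0) for _ in range(n_packets)))


if __name__ == "__main__":
    for line, verdict in apply_service_policy(SAMPLE_TRAFFIC, drop_policer()):
        print(f"{verdict:9} {line}")
    print("burst of 50 x 1460 B:", police_flood(drop_policer(), 50))
```

The flood helper is there to show what the numbers in the police command actually govern: with Bc and Be both 31250 bytes, a burst of fifty 1460-byte requests at one instant comes out as 21 conform, 21 exceed and 8 violate. Only the action table decides whether that matters, and in the drop/drop/drop case it does not.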
This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:48 GMT-3