From: gladston@br.ibm.com
Date: Thu Sep 02 2004 - 09:15:07 GMT-3
I realize that I configured the service output; then I configured input, expecting that packets would now be marked with DSCP 50 and be logged, but not changed. NBAR still works, but there is no log of packets with DSCP 50.

interface Vlanxx
 service-policy input Not-Authorized-Traffic

RT#sh policy-map interface vlxx
 Vlanxx
  service-policy input: Not-Authorized-Traffic
    class-map: Not-Authorized-Traffic (match-any)
      76 packets, 31059 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      match: protocol kazaa2
        0 packets, 0 bytes
        5 minute rate 0 bps
      match: protocol fasttrack
        42 packets, 29019 bytes
        5 minute rate 0 bps
      match: protocol napster
        34 packets, 2040 bytes
        5 minute rate 0 bps
      match: protocol gnutella
        0 packets, 0 bytes
        5 minute rate 0 bps
      match: protocol http url "*worm*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      match: protocol http url "*trojan*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      match: protocol http url "*code-red*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      police:
        1000000 bps, 1000000 limit, 1000000 extended limit
        conformed 76 packets, 31059 bytes; action: set-dscp-transmit 50
        exceeded 0 packets, 0 bytes; action: drop
        violated 0 packets, 0 bytes; action: drop
        conformed 0 bps, exceed 0 bps violate 0 bps
    class-map: class-default (match-any)
      423673 packets, 354419671 bytes
      5 minute offered rate 6808000 bps, drop rate 0 bps
      match: any
        423673 packets, 354419671 bytes
        5 minute rate 6808000 bps

RT#sh access-list LOG
Extended IP access list LOG
    permit ip any any dscp 50 log
    permit ip any any (44758 matches)