From: Richard Dumoulin (Richard.Dumoulin@vanco.fr)
Date: Sat Sep 18 2004 - 16:29:19 GMT-3
Hi Joe, have you done the NAT section?
I am still trying to understand how the hell this works. My problem is I
always thought we needed an inside and an outside for NAT to work :(
--Richard
-----Original Message-----
From: Joe Rothstein [mailto:ziutek@mac.com]
Sent: Saturday, September 18, 2004 8:08 PM
To: ccielab@groupstudy.com
Subject: Re: MQC to filter MIME-types
Just a couple of things.
It is pretty unclear as to whether the nbar protocol discovery command
is actually needed. I do not think that it is needed. But since you
have it configured, can you do a sh ip nbar discovery (or something
like that, exact syntax escapes me), and see if it is actually seeing any
nbar traffic at all? If not, then there is nothing to match. :)
Seems to me that either the mime type or the url will work. But then
again, this is not clear in the documentation.
I also have my doubts about nbar on a subinterface. Any chance of
reconfiguring and trying the config on the physical one?
The more I delve into NBAR, the more questions I have, unfortunately.
Joe
On Saturday, Sep 18, 2004, at 19:13 Europe/Berlin, Joseph D. Phillips
wrote:
> If you were asked that on the exam, the config would suffice. I think
> that's what they look for.
>
> Why it wouldn't work is anybody's guess.
>
>
> ----- Original Message ----- From: "Julian Skelley"
> <julian.skelley@itex.je>
> To: "Joseph D. Phillips" <josephdphillips@fastmail.us>
> Cc: "group study" <ccielab@groupstudy.com>
> Sent: Saturday, September 18, 2004 10:09 AM
> Subject: RE: MQC to filter MIME-types
>
>
> Hi Joseph
>
> I tried that as well but it did not seem to work.
>
> Has anyone else seen this config in operation?
>
> Thanks
>
> J
>
> This was the actual full interface config:
>
> r6#sh run int f0/0.26
> Building configuration...
>
> Current configuration : 272 bytes
> !
> interface FastEthernet0/0.26
>  encapsulation dot1Q 26
>  ip address 174.1.26.6 255.255.255.0
>  ip accounting precedence input
>  ip nbar protocol-discovery
>  ip pim sparse-dense-mode
>  service-policy input HTTP_OUT
>  ip ospf authentication
>  ip ospf authentication-key CISCO
> end
>
> -----Original Message-----
> From: Joseph D. Phillips [mailto:josephdphillips@fastmail.us]
> Sent: 18 September 2004 14:44
> To: Julian Skelley
> Cc: group study
> Subject: Re: MQC to filter MIME-types
>
> I didn't see a reference to nbar in your configs.
>
> I think you have to enable nbar protocol discovery under your
> interface(s).
>
> Julian Skelley wrote:
>
>> Hi Joseph
>>
>> I tried this last night with no success, I have set it up as the doc
>> suggests but cannot seem to "catch" anything with the map.
>>
>> I must have missed something but I am not sure what?!
>>
>> Can anyone help?
>>
>> Thanks
>> J
>>
>> The set up was:
>>
>> WWW_SERVER---174.1.167.x---[r6]---174.1.26.x---BROWSER
>>
>> r6
>> ip cef
>> !
>> class-map match-any PICS
>>  match protocol http mime "*jpg"
>>  match protocol http mime "*gif"
>>  match protocol http mime "*jpeg"
>> !
>> policy-map HTTP_OUT
>>  class PICS
>>   drop
>> !
>> interface FastEthernet0/0.26
>>  encapsulation dot1Q 26
>>  ip address 174.1.26.6 255.255.255.0
>>  service-policy output HTTP_OUT
>>
>> r6#sh policy-map int f0/0.26
>>  FastEthernet0/0.26
>>
>>   Service-policy input: HTTP_OUT
>>
>>     Class-map: PICS (match-any)
>>       0 packets, 0 bytes
>>       5 minute offered rate 0 bps, drop rate 0 bps
>>       Match: protocol http mime "*jpg"
>>         0 packets, 0 bytes
>>         5 minute rate 0 bps
>>       Match: protocol http mime "*gif"
>>         0 packets, 0 bytes
>>         5 minute rate 0 bps
>>       Match: protocol http mime "*jpeg"
>>         0 packets, 0 bytes
>>         5 minute rate 0 bps
>>       drop
>>
>>     Class-map: class-default (match-any)
>>       5972 packets, 434656 bytes
>>       5 minute offered rate 0 bps, drop rate 0 bps
>>       Match: any
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>> Joseph D. Phillips
>> Sent: 17 September 2004 17:52
>> To: group study
>> Subject: MQC to filter MIME-types
>>
>>
>> If you wanted to filter out all picture files from entering an
>> interface, would you have to specify every extension, using MQC? Or is
>> there a way to filter them all at once?
>>
>> E.g. match protocol http mime "*jpeg"
>> E.g. match protocol http mime "*tiff"
>> E.g. match protocol http mime "*jpg"
>> E.g. match protocol http mime "*gif"
>> E.g. match protocol http mime "*bmp"
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>> *********************************************************
>> CONFIDENTIALITY NOTICE
>> The information contained in this e-mail and any
>> attachments to it are for the exclusive use of the
>> intended recipient(s).
>> It may be confidential and contain privileged information and will be
> protected by copyright.
>> If you are not the intended recipient(s) you must not review, copy,
> distribute or in any other way use or rely on the information contained
> in the message.
>>
>> If you have received this e-mail in error, please notify us by e-mail
> Administrator@itex.je, Tel: +44 1534 633633 or Fax: +44 1534 633644 and
> then delete all copies from your system.
>>
>> http://www.Itex.je
>> http://www.Itex.gg
>> http://www.ThisisJersey.com
>> http://www.ThisisGuernsey.com
>>
>> *********************************************************
>>
>> This message has been checked for all known viruses by e:)scan. For
> further information visit: http://www.activis.com/
>>
>>
--
There is more to life than increasing its speed. - Mahatma Gandhi
Joseph Rothstein
Ridlerstr. 32
80339 Munich
Germany
ziutek@mac.com
http://www.geocities.com/jozek444
http://www.rothstein.no-ip.org/
http://waywardgenuses.blogspot.com/
http://ziutek.journalspace.com/
This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:46 GMT-3