From: ccie2be (ccie2be@nyc.rr.com)
Date: Thu Mar 03 2005 - 09:49:18 GMT-3
Mariusz,
Sorry, I can't answer that question.
Cisco has been adding new things to nbar like crazy. I think it depends on
the IOS release and the feature set. But, all in all, there are about 100
or so protocols that nbar matches. You'll know that you have most of them
if you do a match prot ? and get over 4 screens of listings.
Here are the first 2 screens:
r1(config)#class-map show-nbar-prot
r1(config-cmap)#mat prot ?
aarp AppleTalk ARP
appletalk AppleTalk
arp IP ARP
bgp Border Gateway Protocol
bridge Bridging
bstun Block Serial Tunnel
cdp Cisco Discovery Protocol
citrix Citrix Traffic
clns ISO CLNS
clns_es ISO CLNS End System
clns_is ISO CLNS Intermediate System
cmns ISO CMNS
compressedtcp Compressed TCP
cuseeme CU-SeeMe desktop video conference
custom-01 Custom protocol custom-01
custom-02 Custom protocol custom-02
custom-03 Custom protocol custom-03
custom-04 Custom protocol custom-04
custom-05 Custom protocol custom-05
custom-06 Custom protocol custom-06
custom-07 Custom protocol custom-07
custom-08 Custom protocol custom-08
custom-09 Custom protocol custom-09
custom-10 Custom protocol custom-10
decnet DECnet
decnet_node DECnet Node
decnet_router-l1 DECnet Router L1
decnet_router-l2 DECnet Router L2
dhcp Dynamic Host Configuration
dlsw Data Link Switching (Direct encapsulation only)
dns Domain Name Server lookup
egp Exterior Gateway Protocol
eigrp Enhanced Interior Gateway Routing Protocol
exchange MS-RPC for Exchange
fasttrack FastTrack Traffic - KaZaA, Morpheus, Grokster...
finger Finger
ftp File Transfer Protocol
gnutella Gnutella Traffic - BearShare,LimeWire,Gnotella...
gopher Gopher
gre Generic Routing Encapsulation
http World Wide Web traffic
icmp Internet Control Message
imap Internet Message Access Protocol
ip IP
ipinip IP in IP (encapsulation)
--More--
HTH, Tim
-----Original Message-----
From: Gajewski Mariusz [mailto:Mariusz.Gajewski@telekomunikacja.pl]
Sent: Thursday, March 03, 2005 6:59 AM
To: ccie2be; ccielab@groupstudy.com
Subject: RE: RE: Setting the DE bit in frame relay [bcc][faked-from]
Hi Tim,
are the line: match proto ospf , available w/o additional pdlm ? My
soft is C2600-JK8S-M), Version 12.2(15)T9 , and per default there is no
ospf.
Thanks,
Mariusz
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Wednesday, March 02, 2005 11:13 PM
To: 'marvin greenlee'; ccielab@groupstudy.com
Subject: RE: RE: Setting the DE bit in frame relay [bcc][faked-from]
It's been a while so the config I showed may have been a bit different from
what I actually used.
The actual config I used definitely didn't bring down the interface because
I would have lost my ospf adjacencies and that didn't happen.
Maybe the config was like this:
Class-map OSPF
Match prot ospf
Policy-map SET-DE
class OSPF
class class-default
set fr-de
int s0/0
service-policy output SET-DE
After my last failed lab attempt where I lost most of the points in the QoS
section even though I felt I knew QoS pretty well, I went back and did
extensive testing - probably over 100 hours worth and I learned that some
MQC config's don't work as they should.
As a result of all this testing I concluded a few things:
1) Knowing QoS thoroughly is a son-of-a-bitch because it's such a huge
topic - even if you know everything in the DQoS book by Odom it's not
enough.
2) Occasionally, the only way do some things is by using the legacy
commands
3) Occasionally, even though the config is correct and should work, it
doesn't. So, it's imperative to know how to verify your results and know
different ways of doing the same thing.
Like it or not, QoS might be in the lab in a very big way and at a high
level of difficulty. Therefore, it can make the difference between passing
or failing the lab. So, even though many might not think of QoS as a "core"
topic, I think all ccie candidates should know and practice QoS as much as
they do other lab topics like f/r, ospf and bgp.
-----Original Message-----
From: marvin greenlee [mailto:marvin@ccbootcamp.com]
Sent: Wednesday, March 02, 2005 4:42 PM
To: 'ccie2be'; ccielab@groupstudy.com
Subject: RE: RE: Setting the DE bit in frame relay [bcc][faked-from]
Tim,
Not sure what your results were when using the policy below, but when I
tried it, the policy took down the line protocol on the interface, as it
seemed to interfere with the keepalives. With keepalives off, or with the
addition of "match protocol ip" to the "match not protocol ospf", with the
class set to 'match-all' it seemed to work fine.
Marvin Greenlee, CCIE#12237, CCSI# 30483
Network Learning Inc
marvin@ccbootcamp.com
www.ccbootcamp.com (Cisco Training)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Wednesday, March 02, 2005 1:22 PM
To: gladston@br.ibm.com; ccielab@groupstudy.com
Subject: RE: RE: Setting the DE bit in frame relay [bcc][faked-from]
Importance: Low
The idea in that code is to set the DE bit on all traffic except ospf.
As I recall, the config below didn't work as expected - not because the
config is incorrect but because of how IOS works or sometimes doesn't.
So, my point is to make sure the config is working as expected by knowing
how to verify the operations that are suppose to be taking place.
It's virtually impossible to test every possible configuration variation
prior to the lab to see what works and what doesn't. So, the only recourse
you have is to know how to verify your results and if you don't get the
results you were expecting, knowing how to alter your config until you do
get the results you need.
HTH, Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Wednesday, March 02, 2005 3:15 PM
To: ccielab@groupstudy.com
Subject: Re: RE: Setting the DE bit in frame relay
==============
quoted
Class-map NOT-OSPF
Match not prot ospf
Policy-map SET-DE
Class NOT-OSPF
set fr-de
int s0/0
service-policy output SET-DE
==================
Tim,
Would "match not prot ospf" match any other packets?
Once I used "match access-group name..." and it did not worked until I
change it to numbered access-list. The platform was 6509, native mode.
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:39 GMT-3