From: Groupstudy (groupstudy@american-hero.com)
Date: Mon Mar 28 2005 - 15:11:58 GMT-3
Just a quick guess, but I didn't see NBAR protocol discovery enabled on
any interfaces.
Matt White wrote:
> I'm perplexed why, in the following configuration, http is not matched
> outbound unless I classify it first coming in the f1/0 interface.
> Otherwise, it's like it doesn't see the HTTP packets in the policy.
>
> Any help would be appreciated... (I bet someone will know exactly what
> I mean here.)
>
> Thank you.
>
>
> R3#sh run
> Building configuration...
>
> Current configuration : 2054 bytes
> !
> version 12.2
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname R3
> !
> logging queue-limit 100
> !
> ip subnet-zero
> !
> !
> no ip domain lookup
> !
> ip cef
> !
> !
> !
> !
> !
> !
> !
> !
> !
> no voice hpi capture buffer
> no voice hpi capture destination
> !
> !
> mta receive maximum-recipients 0
> !
> !
> class-map match-all BANDWIDTH
> match protocol http
> !
> !
> policy-map BANDWIDTH
> class BANDWIDTH
> bandwidth 128
> class class-default
> fair-queue
> random-detect
> policy-map SHAPE
> class class-default
> shape average 384000 3840
> shape max-buffers 2048
> service-policy BANDWIDTH
> !
> !
> !
> !
> interface Loopback0
> ip address 19.19.19.5 255.255.255.255
> ip ospf network point-to-point
> !
> interface Ethernet0/0
> no ip address
> shutdown
> half-duplex
> !
> interface Serial0/0
> no ip address
> encapsulation frame-relay
> no keepalive
> no frame-relay inverse-arp
> !
> interface Serial0/0.666 point-to-point
> bandwidth 768
> ip address 19.19.19.2 255.255.255.252
> frame-relay interface-dlci 666
> class SHAPE
> !
> interface FastEthernet1/0
> ip address 19.19.19.129 255.255.255.128
> duplex auto
> speed auto
> !
> interface Serial1/0
> no ip address
> shutdown
> clockrate 125000
> !
> interface FastEthernet1/1
> no ip address
> shutdown
> duplex auto
> speed auto
> !
> interface Serial1/1
> no ip address
> shutdown
> clockrate 125000
> !
> router ospf 1
> router-id 3.3.3.3
> log-adjacency-changes
> network 19.19.19.2 0.0.0.0 area 0
> network 19.19.19.5 0.0.0.0 area 0
> network 19.19.19.129 0.0.0.0 area 0
> !
> ip http server
> ip classless
> !
> !
> !
> !
> map-class frame-relay SHAPE
> frame-relay end-to-end keepalive mode passive-reply
> service-policy output SHAPE
> frame-relay fragment 960
> !
> !
> call rsvp-sync
> !
> !
> mgcp profile default
> !
> dial-peer cor custom
> !
> !
> !
> !
> line con 0
> exec-timeout 0 0
> privilege level 15
> logging synchronous
> line aux 0
> line vty 0 4
> login
> !
> !
> end
>
> R3#
>
>
>
>
>
> Service-policy output: SHAPE
>
> Class-map: class-default (match-any)
> 3845 packets, 529413 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
> Traffic Shaping
> Target/Average Byte Sustain Excess Interval Increment
> Rate Limit bits/int bits/int (ms) (bytes)
> 384000/384000 960 3840 3840 10 480
>
> Adapt Queue Packets Bytes Packets Bytes Shaping
> Active Depth Delayed Delayed Active
> - 0 3864 529603 45 23663 no
>
> Service-policy : BANDWIDTH
>
> Class-map: BANDWIDTH (match-all)
> 1677 packets, 262053 bytes <----------This does not increment
> unless I match inbound on f1/0 and classify the HTTP... Don't necessary
> need to change the class-map to reflect what it matches either???
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol http
> Queueing
> Output Queue: Conversation 41
> Bandwidth 128 (kbps) Max Threshold 64 (packets)
> (pkts matched/bytes matched) 1677/262053
> (depth/total drops/no-buffer drops) 0/0/0
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:53 GMT-3