From: Bob Sinclair (bsin@cox.net)
Date: Mon May 30 2005 - 23:57:01 GMT-3
Simon,
NBAR can be used to identify passive FTP traffic. I was able to lab this up
with a 3620 running 12.2(15)T9. Matched protocol FTP and got hits on a
policy-map for passive-mode ftp upload.
HTH,
Bob Sinclair
CCIE #10427, CCSI 30427, CISSP
www.netmasterclass.net
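The configuration Bob describes, written out as an added example (not taken from either message): NBAR's `match protocol ftp` classifies the port-21 control session and the data connections negotiated over it, which is why the policer also catches passive-mode transfers that an ACL on port 20 or 21 would miss. The interface name, direction and rate below are assumptions.

```text
! Added example: rate limit all FTP traffic, including passive data channels,
! via NBAR classification. Interface and rate values are assumptions.
class-map match-any FTP-ALL
 match protocol ftp
!
policy-map RATE-LIMIT-FTP
 class FTP-ALL
  ! 512 kbps CIR, 96000-byte normal burst, 192000-byte excess burst
  police 512000 96000 192000 conform-action transmit exceed-action drop
 class class-default
!
interface FastEthernet0/0
 ip nbar protocol-discovery
 service-policy input RATE-LIMIT-FTP
!
! Verification: run a passive-mode transfer and confirm the FTP-ALL class
! counters (not just class-default) increment:
!   show policy-map interface FastEthernet0/0
!   show ip nbar protocol-discovery interface FastEthernet0/0 stats packet-count
```

If only the control session showed up under FTP-ALL while the bulk bytes landed in class-default, the data channel was not being classified; in Bob's lab the upload itself registered hits on the policy-map.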
----- Original Message -----
From: simon hart
To: ccielab@groupstudy.com
Sent: Monday, May 30, 2005 5:04 PM
Subject: Rate Limiting FTP
All,
If one is asked to rate limit FTP, how is this achieved if the FTP
sessions are passive?
My understanding is that with passive FTP random ports will be created for
the source and destination ports. These ports are communicated via the FTP
control session on port 21.
Now if I classify my traffic using an ACL and I use the keyword ftp, then
it is only matching the control traffic on port 21. If I choose the
ftp-data option then I shall be using port 20, but that is for active
sessions and I am keen to rate limit passive sessions.
If I use NBAR, my understanding is that NBAR will only match on the control
channel; is this correct? If that is the case then there is no way to match
and thus rate limit a passive FTP data channel using either of these
methods.
Any help appreciated
Simon
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:03 GMT-3