Re: NBAR Not matching !

From: Munsar (munsar@optonline.net)
Date: Sun Jun 05 2005 - 12:42:39 GMT-3


I did not see NBAR configured under the interface by using the "ip nbar
protocol-discovery" command. Do you have that enabled? Thx.

----- Original Message -----
From: "CCIE" <ccie@gannons.net>
To: "Group Study" <ccielab@groupstudy.com>
Sent: Sunday, June 05, 2005 9:00 AM
Subject: NBAR Not matching !

> Have been reading the NBAR post so I decided to do some
> simple testing. I set up 150.1.7.7 behind router 3 with
> an HTTP server; in my case it's a router running "ip http server".
>
> I cannot get a simple URL match to work at all. See the
> config snippets below:
>
> !
> class-map match-all web
>  match protocol http url "*test.txt*"
> !
> !
> policy-map web
>  class web
>   set precedence 7
> !
> interface Serial0/0
>  ip address 157.1.123.3 255.255.255.0
>  service-policy input web
> !
>
> This is how I generate the HTTP request from a host on
> the other end of the serial link:
>
> Rack1R2#150.1.7.7 80
> Trying 150.1.7.7, 80 ... Open
> GET /test.txt HTTP/1.0
>
> HTTP/1.1 404 Not Found
> Date: Tue, 02 Mar 1993 05:35:36 GMT
> Server: cisco-IOS
> Accept-Ranges: none
>
> 404 Not Found
>
> [Connection to 150.1.7.7 closed by foreign host]
> Rack1R2#
>
>
> However when I check the service policy it is not matching:
>
> Rack1R3#show policy-map in s 0/0
>
>  Serial0/0
>
>   Service-policy input: web
>
>     Class-map: web (match-all)
>       0 packets, 0 bytes
>       5 minute offered rate 0 bps, drop rate 0 bps
>       Match: protocol http url "*test.txt*"
>       QoS Set
>         precedence 7
>           Packets marked 0
>
>     Class-map: class-default (match-any)
>       32 packets, 3668 bytes
>       5 minute offered rate 0 bps, drop rate 0 bps
>       Match: any
> Rack1R3#
> !
>
>
> Any ideas? I can see HTTP is being recognised by NBAR
> by looking at the protocol discovery stats. Also, if I
> change the class map to only look for the protocol HTTP
> I get hits. I have CEF enabled ;-) .
>
> Regards,
> Kevin


