Re: NBAR Not matching !

From: CCIE (ccie@gannons.net)
Date: Sun Jun 05 2005 - 12:48:09 GMT-3

• Next message: Bob Sinclair: "Re: NBAR Not matching !"
• Previous message: Munsar: "Re: NBAR Not matching !"
• Maybe in reply to: CCIE: "NBAR Not matching !"
• Next in thread: Bob Sinclair: "Re: NBAR Not matching !"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This is not needed its only handy if you want see what traffic is on the
link.
 However just to be certain I enabled it without any luck.

Regards,
Kevin

> I did not see NBAR configured under the interface by using "ip nbar
> protocol-discovery" command. Do you that enabled? Thx.
>
> ----- Original Message ----- From: "CCIE" <ccie@gannons.net>
> To: "Group Study" <ccielab@groupstudy.com>
> Sent: Sunday, June 05, 2005 9:00 AM
> Subject: NBAR Not matching !
>
>
>> Have being reading the NBAR post so I decide to do some
>> simple testing. I setup 150.1.7.7 behind router 3 with
>> a HTTP server in my case its a router running "ip http server".
>>
>> I can not get a simple url match to work at all. See the
>> config snippets below:
>>
>> !
>> class-map match-all web
>> match protocol http url "*test.txt*"
>> !
>> !
>> policy-map web
>> class web
>> set precedence 7
>> !
>> interface Serial0/0
>> ip address 157.1.123.3 255.255.255.0
>> service-policy input web
>> !
>>
>> This is how I generate the HTTP request from a host on
>> the other end of the serial link:
>>
>> Rack1R2#150.1.7.7 80
>> Trying 150.1.7.7, 80 ... Open
>> GET /test.txt HTTP/1.0
>>
>> HTTP/1.1 404 Not Found
>> Date: Tue, 02 Mar 1993 05:35:36 GMT
>> Server: cisco-IOS
>> Accept-Ranges: none
>>
>> 404 Not Found
>>
>> [Connection to 150.1.7.7 closed by foreign host]
>> Rack1R2#
>>
>>
>> However when I check the service policy it is not matching:
>>
>> Rack1R3#show policy-map in s 0/0
>>
>> Serial0/0
>>
>> Service-policy input: web
>>
>> Class-map: web (match-all)
>> 0 packets, 0 bytes
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> Match: protocol http url "*test.txt*"
>> QoS Set
>> precedence 7
>> Packets marked 0
>>
>> Class-map: class-default (match-any)
>> 32 packets, 3668 bytes
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> Match: any
>> Rack1R3#
>> !
>>
>>
>> Any ideas, I can see HTTP is being recognised by NBAR
>> by looking at the protocol discovery stats. Also if I
>> change the class map to only look for the protocol HTTP
>> I get hits. I have cef enabled ;-) .
>>
>> Regards,
>> Kevin
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Bob Sinclair: "Re: NBAR Not matching !"
• Previous message: Munsar: "Re: NBAR Not matching !"
• Maybe in reply to: CCIE: "NBAR Not matching !"
• Next in thread: Bob Sinclair: "Re: NBAR Not matching !"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:40 GMT-3