RE: NBAR Not matching !

From: Scott Morris (swm@emanon.com)
Date: Sun Jun 05 2005 - 16:53:45 GMT-3


Bob, you piqued my interest a bit here....

I set it up with routers telnetting to the port 80 server... Nothing
listed as being marked...

Then I decided to try things with a "real" web browser. Still nothing
listed as being marked, but it did indeed work.

I set my policy up to drop the match protocol http url "*test.txt*" and then
went to http://(ip)/ first to verify my server was working (oh yeah, do "ip
http server" also!) and then tried a few other files and links afterwards.
Without the policy enabled, I would immediately either get a page returned
or a blank page if the file didn't exist.

As soon as I put my service-policy on, when I looked for any file or link
OTHER than test.txt, the return was immediate. With test.txt, the little
hourglass thing kept on running as if it were waiting for a response.

So the packet was dropped as it should, although with "show policy-map
testing" nothing was listed as being matched and dropped.

So my guess is that we are simply looking at a logging/matching/reporting
issue here, not one of functionality!

And the router did bitch at me about CEF needing to be enabled, but the
results did NOT vary whether discovery was or was not enabled. And per my
other experiences with NBAR in real life, it does not need to be enabled in
order to function.

HTH,

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Bob
Sinclair
Sent: Sunday, June 05, 2005 12:12 PM
To: CCIE; Group Study
Subject: Re: NBAR Not matching !

Tim,

Though I see no documentation claiming this, it seems to be the case on my
box that protocol-discovery is required, as Munsar suggests. This may be
version dependent, but a recreation of your test works fine on my box with
protocol discovery enabled on the interface, and not at all if not.

IOS (tm) 3600 Software (C3620-IK9O3S6-M), Version 12.2(15)T9,

Have you tried rebooting? Is CEF enabled? Tried matching some other
protocols? Tried applying outbound?

HTH,

Bob Sinclair
CCIE #10427, CCSI 30427, CISSP
www.netmasterclass.net

  ----- Original Message -----
  From: CCIE
  To: Group Study
  Sent: Sunday, June 05, 2005 9:00 AM
  Subject: NBAR Not matching !

  Have been reading the NBAR post so I decided to do some
  simple testing. I set up 150.1.7.7 behind router 3 with
  a HTTP server, in my case it's a router running "ip http server".

  I cannot get a simple url match to work at all. See the
  config snippets below:

  !
   class-map match-all web
    match protocol http url "*test.txt*"
  !
  !
   policy-map web
    class web
     set precedence 7
  !
  interface Serial0/0
   ip address 157.1.123.3 255.255.255.0
   service-policy input web
  !

  This is how I generate the HTTP request from a host on
  the other end of the serial link:

  Rack1R2#150.1.7.7 80
  Trying 150.1.7.7, 80 ... Open
  GET /test.txt HTTP/1.0

  HTTP/1.1 404 Not Found
  Date: Tue, 02 Mar 1993 05:35:36 GMT
  Server: cisco-IOS
  Accept-Ranges: none

  404 Not Found

  [Connection to 150.1.7.7 closed by foreign host]
  Rack1R2#

  However when I check the service policy it is not matching:

  Rack1R3#show policy-map in s 0/0

   Serial0/0

    Service-policy input: web

      Class-map: web (match-all)
        0 packets, 0 bytes
        5 minute offered rate 0 bps, drop rate 0 bps
        Match: protocol http url "*test.txt*"
        QoS Set
          precedence 7
            Packets marked 0

      Class-map: class-default (match-any)
        32 packets, 3668 bytes
        5 minute offered rate 0 bps, drop rate 0 bps
        Match: any
  Rack1R3#
  !

  Any ideas, I can see HTTP is being recognised by NBAR
  by looking at the protocol discovery stats. Also if I
  change the class map to only look for the protocol HTTP
  I get hits. I have cef enabled ;-) .

  Regards,
  Kevin

  _______________________________________________________________________
  Subscription information may be found at:
  http://www.groupstudy.com/list/CCIELab.html
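A small check, added here and not written by any of the posters, that parses the "show policy-map interface" counters Kevin quoted and flags the symptom Scott describes: an NBAR "match protocol" class reporting zero packets while class-default is absorbing the traffic. The sample output is constructed from the figures in the thread; only the Python standard library is used.

```python
import re

# Constructed sample modelled on the show policy-map output quoted in the thread:
# the NBAR URL class shows 0 packets while class-default absorbs the traffic.
SAMPLE_OUTPUT = """\
 Serial0/0
  Service-policy input: web
    Class-map: web (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http url "*test.txt*"
      QoS Set
        precedence 7
          Packets marked 0
    Class-map: class-default (match-any)
      32 packets, 3668 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)\s+\((match-\w+)\)")
COUNT_RE = re.compile(r"^\s*(\d+) packets, (\d+) bytes")
MATCH_RE = re.compile(r"^\s*Match:\s+(.*\S)")


def parse_policy_map(text):
    """Map each class-map name to its type, packet/byte counters and match lines."""
    classes, current = {}, None
    for line in text.splitlines():
        if m := CLASS_RE.match(line):
            current = {"type": m.group(2), "packets": 0, "bytes": 0, "matches": []}
            classes[m.group(1)] = current
        elif current is None:
            continue  # interface / service-policy header lines before the first class
        elif m := COUNT_RE.match(line):
            current["packets"], current["bytes"] = int(m.group(1)), int(m.group(2))
        elif m := MATCH_RE.match(line):
            current["matches"].append(m.group(1))
    return classes


def silent_nbar_classes(classes):
    """Names of 'match protocol' classes with zero hits while class-default saw packets."""
    if classes.get("class-default", {}).get("packets", 0) == 0:
        return []  # nothing flowing yet, so zero counters prove nothing
    return sorted(name for name, c in classes.items()
                  if name != "class-default" and c["packets"] == 0
                  and any(m.startswith("protocol ") for m in c["matches"]))
```

Run it against a live capture of the command output on each router in the path to see which NBAR classes are counting and which are silent.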



This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3