From: John Matus (jmatus@pacbell.net)
Date: Sun Sep 04 2005 - 01:53:15 GMT-3
.....and i don't have a router in from of me so forgive me
1) can you "match-not" a class? if so..........interesting
2) i forget if you can match just http traffice w/ "match pro http" or if it
has to be "match pro http url *". if the later is the case yours might be
correct.
Regards,
John D. Matus
MCSE, CCNP
Office: 818-782-2061
Cell: 818-430-8372
jmatus@pacbell.net
----- Original Message -----
From: "John Matus" <jmatus@pacbell.net>
To: "John Matus" <jmatus@pacbell.net>; <nhqky888@ybb.ne.jp>;
<ccielab@groupstudy.com>
Sent: Saturday, September 03, 2005 9:49 PM
Subject: Re: match protocol http url
> opps, i put "mpeg" where i meant to put "gif"
>
>
> Regards,
>
> John D. Matus
> MCSE, CCNP
> Office: 818-782-2061
> Cell: 818-430-8372
> jmatus@pacbell.net
> ----- Original Message -----
> From: "John Matus" <jmatus@pacbell.net>
> To: <nhqky888@ybb.ne.jp>; <ccielab@groupstudy.com>
> Sent: Saturday, September 03, 2005 9:45 PM
> Subject: Re: match protocol http url
>
>
>> mmm. i think you match-not statement is off <i think>
>> with this you will first match all http traffice "except" pictures and
>> then drop it
>> that leaves pictures to be matched in class pics where you can police it.
>>
>> class-map match-all http_not_pics
>> match pro http
>> match not pro http url "*.jpg"
>> match not pro mime "*jpg"
>> match not pro http url "*.mgeg"
>> match not pro mime "*.mpeg"
>>
>> class-map match-all pics
>> match pro http url "*.jpg"
>> match pro mime "*jpg"
>> match pro http url "*.mgeg"
>> match pro mime "*.mpeg"
>>
>>
>> policy-map pics
>> class pics
>> police cir 1000000
>> class http_not_pics
>> action drop
>>
>>
>>
>> Regards,
>>
>> John D. Matus
>> MCSE, CCNP
>> Office: 818-782-2061
>> Cell: 818-430-8372
>> jmatus@pacbell.net
>> ----- Original Message -----
>> From: <nhqky888@ybb.ne.jp>
>> To: <ccielab@groupstudy.com>
>> Sent: Saturday, September 03, 2005 9:28 PM
>> Subject: match protocol http url
>>
>>
>>> Hi all,
>>>
>>> Here is a task,
>>>
>>> Inbound http traffic including .gif, .jpeg, .jpg should be limited to
>>> 100K.
>>> All any other http files should be droped.
>>>
>>>
>>> My solution;
>>>
>>>
>>> ip cef
>>> !
>>> class-map match-any police
>>> match protocol http url "*.gif"
>>> match protocol http url "*.jpg"
>>> match protocol http url "*.jpeg"
>>> class-map match-all drop
>>> match not class-map police
>>> match protocol http url "*.*"
>>> !
>>> !
>>> policy-map NBAR
>>> class police
>>> police cir 100000
>>> conform-action transmit
>>> exceed-action drop
>>> class drop
>>> drop
>>> !
>>> interface Ethernet0/0.9
>>> encapsulation dot1Q 9
>>> ip address 1.1.9.3 255.255.255.0
>>> service-policy input NBAR
>>> !
>>>
>>>
>>> Does "*.*" mean any http files on my soluiton?
>>>
>>> Correct me if I am wrong.
>>>
>>>
>>> KY
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3