RE: CBWFQ and logging

From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Tue Sep 26 2006 - 22:27:26 ART


Hi Joe,

I would highly appreciate knowing if you find a way to log packets that
match a class map, but for now just this:

R5#show policy-map int e0/0
 Ethernet0/0

  Service-policy output: p2p

    Class-map: p2p (match-all)
      0 packets, 0 bytes <------
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol kazaa2
      Match: protocol fasttrack
      Match: protocol gnutella
      Match: protocol napster
      drop

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

--> Here you can see how many packets have been dropped by the router, in
number of bytes and number of packets.

I just labbed this out, but matching another class of traffic (ICMP):

R2(config)#access-list 123 permit icmp any any
R2(config)#class-map ICMP
R2(config-cmap)#ma access-gr 123
R2(config-cmap)#exit
R2(config)#policy-map ICMP
R2(config-pmap)#class ICMP
R2(config-pmap-c)#drop
R2(config-pmap-c)#exit
R2(config-pmap)#int f0/0
R2(config-if)#do ping 155.1.2.7

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.2.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R2(config-if)#service-policy output ICMP
R2(config-if)#do ping 155.1.2.7 rep 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 155.1.2.7, timeout is 2 seconds:
..
Success rate is 0 percent (0/2)
R2(config-if)#do show policy int f0/0
 FastEthernet0/0

  Service-policy output: ICMP

    Class-map: ICMP (match-all)
      2 packets, 228 bytes <<<------ see denied 2 ICMP Echos to that IP Add
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 123
      drop

    Class-map: class-default (match-any)
      5 packets, 360 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

R2(config-if)#! The only problem with this "Type of Log" is that it is subject
R2(config-if)#! to the Clear counters
R2(config-if)#do clear count
Clear "show interface" counters on all interfaces [confirm]
R2(config-if)#
R2(config-if)#
*Mar 2 13:27:34.591: %CLEAR-5-COUNTERS: Clear counter on all interfaces by
console
R2(config-if)#do ping 155.1.2.7 rep 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 155.1.2.7, timeout is 2 seconds:
.
Success rate is 0 percent (0/1)
R2(config-if)#do show policy int f0/0
 FastEthernet0/0

  Service-policy output: ICMP

    Class-map: ICMP (match-all)
      1 packets, 114 bytes <--- Because the previous clear count
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 123
      drop

    Class-map: class-default (match-any)
      3 packets, 514 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
R2(config-if)#

Regards,
Victor.-

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Joe
Clyde
Sent: Tuesday, September 26, 2006 05:06 p.m.
To: ccielab@groupstudy.com
Subject: CBWFQ and logging

Is there a way to log the traffic that you drop through a service
policy? When I try to match, under the class-map, on an access list with
the "log" statement I get an error...
r2(config)#ip access-list extended 101
r2(config-ext-nacl)#permit tcp any any eq ftp log
r2(config)#class-map foo
r2(config-cmap)#match access-group 101
****access-lists with 'log' keyword are not supported****

Here is an example config (unrelated to the above access list)...can you
log the dropped traffic and if so, how? It seems like you can't use an
access list, so are there options under the class-map, policy-map, or
service-policy?

EG.

class-map match-all p2p
  match protocol kazaa2
  match protocol fasttrack
  match protocol gnutella
  match protocol napster

policy-map p2p
  class p2p
   drop

interface FastEthernet0/0
 description to-->r1
 ip address 150.50.12.2 255.255.255.0
 duplex auto
 speed auto
 service-policy output p2p
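
Added example, not part of the original thread: since the class-map counters in "show policy-map interface" are reset by "clear counters", a collector that polls that output can keep its own running totals and treat a counter that went backwards as a reset. The function names are hypothetical, and the sample text is constructed from the counter values shown in the R2 session above.

```python
import re

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)\s+\(match-(?:all|any)\)")
COUNT_RE = re.compile(r"^\s*(\d+) packets, (\d+) bytes")

def parse_policy_counters(text):
    """Return {class_name: (packets, bytes)} from 'show policy-map interface' text."""
    counters, current = {}, None
    for line in text.splitlines():
        if (m := CLASS_RE.match(line)):
            current = m.group(1)
        elif (m := COUNT_RE.match(line)) and current and current not in counters:
            # Only the first 'N packets, M bytes' line after a Class-map header counts.
            counters[current] = (int(m.group(1)), int(m.group(2)))
    return counters

def delta(prev, cur):
    """Per class: (new_packets, new_bytes, reset_seen) since the previous poll."""
    out = {}
    for name, (pkts, byts) in cur.items():
        p0, b0 = prev.get(name, (0, 0))
        # A reading lower than the last one means the counters were cleared,
        # so everything currently shown is traffic seen since the clear.
        reset = pkts < p0 or byts < b0
        out[name] = (pkts, byts, True) if reset else (pkts - p0, byts - b0, False)
    return out

def running_totals(snapshots):
    """Fold successive polls into totals that survive 'clear counters'."""
    totals, prev = {}, {}
    for text in snapshots:
        cur = parse_policy_counters(text)
        for name, (dp, db, _reset) in delta(prev, cur).items():
            tp, tb = totals.get(name, (0, 0))
            totals[name] = (tp + dp, tb + db)
        prev = cur
    return totals

# Constructed sample: trimmed output with the counter values from the session above.
SAMPLE = """    Class-map: ICMP (match-all)
      {} packets, {} bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 123
      drop
    Class-map: class-default (match-any)
      {} packets, {} bytes
"""
BEFORE_CLEAR = SAMPLE.format(2, 228, 5, 360)
AFTER_CLEAR = SAMPLE.format(1, 114, 3, 514)

if __name__ == "__main__":
    print(running_totals([BEFORE_CLEAR, AFTER_CLEAR]))
```

A clear that happens between two polls is only detected when the new reading is lower than the previous one, so packets counted between the last poll and the clear are lost; shorter poll intervals reduce that gap.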


