Re: NBAR Question

From: Marvin Greenlee (marvingreenlee@yahoo.com)
Date: Tue Nov 28 2006 - 01:23:57 ART


Generally, NBAR will match in both directions, so the
protocol could be either source or dest, which would
be the same as:

access-list 100 permit tcp any any eq www
access-list 100 permit tcp any eq www any

If you know where the web server is, and know that you
only need to match traffic with a destination port of
80, your original access list would work. If you
don't know where the web server is, and are just told
to police the web traffic, make sure to catch in both
directions.

Thanks,
Marvin Greenlee

--- Lab Rat #109385382 <techlist01@gmail.com> wrote:

> If I was asked to match HTTP traffic (to later be police'd), is there any
> difference between doing the following:
>
> class-map HTTP
> match protocol http
>
> with doing the following:
>
> access-list 100 permit tcp any any eq www
> class-map HTTP
> match access-group 100
>
> I've seen it done both ways, and I just want to know if there are any
> distinct functional differences between the two methods.
>
> Thanks,
>
> Ed
>
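Added example, not code from either poster in the thread above: a small model of how an IOS-style extended ACL (only the `access-list N permit tcp any [eq port] any [eq port]` subset used in the thread) classifies packets, run over one constructed HTTP request/response pair. It shows the difference Marvin describes: the single destination-port entry only catches the client-to-server half of the conversation, so a policer bound to it leaves the server's replies unpoliced, while the two-entry ACL catches both halves the way NBAR's protocol match does. The addresses and ports are constructed, and `nbar_http_like` is a deliberately simplified, direction-agnostic stand-in for `match protocol http` (real NBAR also inspects payload), not a model of the actual NBAR engine.

```python
"""Added example, not code from the original thread: a tiny model of how an
IOS-style extended ACL (the subset used in the thread) classifies packets,
run over one constructed HTTP request/response pair. It shows why the
single destination-port entry misses the server's replies while the
two-entry ACL, like NBAR's protocol match, catches both directions."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


# Subset of the ACE syntax seen in the thread:
#   access-list <num> permit|deny <proto> any [eq <port>] any [eq <port>]
ACE_RE = re.compile(
    r"^access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\w+)"
    r"\s+(?P<src>any)(?:\s+eq\s+(?P<sport>\S+))?"
    r"\s+(?P<dst>any)(?:\s+eq\s+(?P<dport>\S+))?\s*$"
)
PORT_NAMES = {"www": 80}  # IOS port keyword -> port number


def parse_port(token):
    """Map 'www' or a numeric string to an int; None means 'any port'."""
    if token is None:
        return None
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def parse_acl(text):
    """Parse ACE lines into an ordered list of dicts; order matters in an ACL."""
    entries = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported ACE syntax: {line!r}")
        entries.append({
            "num": int(m["num"]),
            "action": m["action"],
            "proto": m["proto"],
            "sport": parse_port(m["sport"]),
            "dport": parse_port(m["dport"]),
        })
    return entries


def ace_matches(ace, pkt):
    """An ACE matches when the protocol and every specified port agree."""
    if ace["proto"] != pkt.proto:
        return False
    if ace["sport"] is not None and ace["sport"] != pkt.sport:
        return False
    if ace["dport"] is not None and ace["dport"] != pkt.dport:
        return False
    return True


def acl_permits(entries, pkt):
    """First matching ACE decides; no match is the implicit deny."""
    for ace in entries:
        if ace_matches(ace, pkt):
            return ace["action"] == "permit"
    return False


def classify(acl_text, packets):
    """Per packet: would 'match access-group <num>' put it in the class?"""
    entries = parse_acl(acl_text)
    return [acl_permits(entries, p) for p in packets]


def nbar_http_like(pkt):
    """Simplified stand-in for 'match protocol http' (assumption: real NBAR
    also inspects payload); the property modelled is that it is
    direction-agnostic."""
    return pkt.proto == "tcp" and 80 in (pkt.sport, pkt.dport)


ONE_WAY_ACL = "access-list 100 permit tcp any any eq www\n"
BOTH_WAYS_ACL = (
    "access-list 100 permit tcp any any eq www\n"
    "access-list 100 permit tcp any eq www any\n"
)

# Constructed HTTP exchange: client 10.0.0.5 talking to web server 192.0.2.10.
REQUEST = Packet("tcp", "10.0.0.5", 40123, "192.0.2.10", 80)
RESPONSE = Packet("tcp", "192.0.2.10", 80, "10.0.0.5", 40123)
FLOW = [REQUEST, RESPONSE]

if __name__ == "__main__":
    print("one-way ACL  :", classify(ONE_WAY_ACL, FLOW))    # [True, False]
    print("both-ways ACL:", classify(BOTH_WAYS_ACL, FLOW))  # [True, True]
    print("NBAR-like    :", [nbar_http_like(p) for p in FLOW])  # [True, True]
```

The `[True, False]` result for the one-way ACL is the case Marvin warns about: if the policer is applied on an interface where the server's replies also pass, those replies fall outside the class and are not rate-limited, which is usually the larger share of HTTP bytes.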



This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART