Re: Traffic Filtering Question IE LAB3

From: Kal Han (calikali2006@gmail.com)
Date: Sat Jan 20 2007 - 23:04:36 ART


I don't have the material, but here is what it looks like.

question 1) The question clearly says
Configure R6 to drop any http packets containing this
string *before forwarding the packet out either Gi eth. Interface*.
--> So they are referring to an *output* service policy on both
interfaces.
But you configured an input policy, which will work but
won't answer the question. Watch out for the wording.

question 2) That CLI usage depends on what version of IOS
you are using. Earlier versions didn't have the "drop" option
you configured. You just have to use what they (IE) did if it's an
older IOS version. Not sure when the "drop" was introduced,
but I'm assuming it's after 12.2 Mainline.

HTH
Kal

On 1/20/07, Edouard Zorrilla <ezorrilla@tsf.com.pe> wrote:
>
> Hello people,
>
> I got the next topology:
>
>
>                                          __gi0/0
>                                         |
>                                         |
> BB1 - - - - (Serial0/3/0) PPPoFR - - - - R6
>                                         |
>                                         |__gi0/1
>
>
>
> The question asks:
>
> Configuring R6 to prevent the worm from coming in from BB1. The worm sends the
> following string to the web server on port 80. "ALL YOUR BASE". Configure R6
> to drop any http packets containing this string before forwarding the packet
> out either Gi eth. Interface.
>
> The solution says:
> ############
> ip cef
> class-map match-all WORM
>  match protocol http url "*ALL YOUR BASE*"
>
> policy-map MITIGATE_WORM
>  class WORM
>   police 8000 conform-action drop exceed-action drop
>
> interface gi0/0
>  service-policy output MITIGATE_WORM
>
> interface gi0/1
>  service-policy output MITIGATE_WORM
> ############
>
> And I come up with the solution:
>
> ############
> ip cef
> class-map match-all WORM
>  match protocol http url "*ALL YOUR BASE*"
>
> policy-map MITIGATE_WORM
>  class WORM
>   drop
>
> interface Serial0/3/0
>  frame-relay interface-dlci 301 ppp Virtual-Template1
>
> interface Virtual-Template1
>  service-policy input MITIGATE_WORM
> ############
>
> My question is:
>
> 1.- Why do I need to use the Gi0/0 and Gi0/1 to apply the service policy if I
> can use the serial (virtual-template)?
> 2.- Why use "police 8000 conform-action drop exceed-action drop" instead of
> just a "drop"?
>
> Thanks a lot.
> Regards


