Re: Class-map match

From: Ivan (ivan@iip.net)
Date: Mon Feb 05 2007 - 07:09:24 ART

• Next message: Ivan: "Re: NAT Help, router on a stick with NAT"
• Previous message: Sasa Milic: "Re: NAT Help, router on a stick with NAT"
• Maybe in reply to: Allan : "Class-map match"
• Next in thread: Scott Morris: "RE: Class-map match"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

First case use NBAR to detect http traffic. Therefore it can match not only
WEB server listen on 80 port, but also 8080 or another port. This situation
is rather exotic but possible (www.ripn.net).
Another consideration is NBAR match traffic in both direction. First case
don't define side with WEB-server. Only match source or destination must
reside at 1.1.6.254.
Second case define that web-server must reside at 1.1.6.254.

On Monday 05 February 2007 06:20, Allan wrote:
> Hi, if the two following class-map are same, would like to match http
> traffice to server 1.1.6.254
>
> 1:
> class-map match-all HTTP_SERVER_TRAFFIC
> match access-group name HTTP_SERVER
> match protocol http
>
> ip access-list extended HTTP_SERVER
> permit ip any host 1.1.6.254
>
> 2:
> class-map match-all HTTP_SERVER_TRAFFIC
> match access-group name HTTP_SERVER
>
> ip access-list extended HTTP_SERVER
> permit tcp any host 1.1.6.254 eq www
>
> Allan
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Ivan

• Next message: Ivan: "Re: NAT Help, router on a stick with NAT"
• Previous message: Sasa Milic: "Re: NAT Help, router on a stick with NAT"
• Maybe in reply to: Allan : "Class-map match"
• Next in thread: Scott Morris: "RE: Class-map match"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:46 ART