RE: NBAR question

From: Victor Cappuccio (victor@ccbootcamp.com)
Date: Sat Feb 17 2007 - 22:42:39 ART


Hi Jo,

Try this and let me know your comments

policy-map CCBOOTCAMP
 description THIS PLCY IS TAKEN FROM A DRAFT VERSION OF THE NEW NLI WB
 class DIE-SCUM
   drop
 class POLICE
   police 64000
 class class-default
!

class-map match-any IMAGES
 description MATCH ANY IMAGE
 match protocol http url "*.jpg"
 match protocol http url "*.gif"
 match protocol http url "*.jpeg"

class-map match-all POLICE
 description LETS POLICE BROWSING TO THAT WEBSERVER
 match protocol http host "www.acmecomputers.com"
 match protocol http url "/directory/*"
 match access-group 100

class-map match-all DIE-SCUM
 description DROP IMAGES FROM THAT WEB SERVER
 match class-map IMAGES
 match protocol http host "www.acmecomputers.com"
 match protocol http url "/directory/*"
 match access-group 100
!

access-list 100 permit ip any any

int f0/2
 service-policy input CCBOOTCAMP

If you need help in the verification, let me know, maybe we can share a rack,
and explain how to test this.

thanks,
Victor Cappuccio.-
Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We take
Cisco Learning credits!
victor@ccbootcamp.com
http://www.ccbootcamp.com (Cisco Training and Rental Racks)
http://www.ccbootcamp.com/groupstudy.html (groupstudy member discounts!)
Voice: 702-968-5100
FAX: 702-446-8012

-----Original Message-----
From: nobody@groupstudy.com on behalf of Jo Johnson
Sent: Sat 2/17/2007 13:00
To: Cisco certification
Subject: NBAR question

Hi all,

Here is another NBAR question. In general, I have a hard time understanding
the definition of the "match protocol http (host, url, and mime)" command,
but I have some examples of my interpretation below:

I want to police response traffic from www.acmecomputers.com/files except
images--that I want to drop.

Question-Is it possible to combine the host www.acmecomputers.com and the
url /files into one match statement? Also, what are your thoughts on my
solution below?

Thanks

class-map IMAGES
 match protocol http url *.jpeg
 match protocol http url *.jpg
 match protocol http url *.gif

class-map match-all ACME_TRAFFIC
 match protocol http host www.acmecomputers.com
 match protocol http url /directory*

policy-map DROPIT
 class IMAGES
  drop

policy-map POLICE
 class ACME_TRAFFIC
  service-policy input DROPIT
  police 640000 conform transmit exceed drop

interface fa0/0
 service-policy input POLICE
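
A small model of how the class-maps and policy-map CCBOOTCAMP from the reply classify a request, added here as an illustration and not part of either poster's message. It assumes shell-style glob matching for the quoted patterns and first-match evaluation of classes in policy-map order; the sample hosts and URLs are constructed.

```python
from fnmatch import fnmatchcase

# Class-maps from the reply, as (mode, [criteria]). A criterion is
# ("host", glob), ("url", glob), ("acl", number) or ("class", name).
CLASS_MAPS = {
    "IMAGES": ("any", [("url", "*.jpg"), ("url", "*.gif"), ("url", "*.jpeg")]),
    "POLICE": ("all", [("host", "www.acmecomputers.com"),
                       ("url", "/directory/*"), ("acl", 100)]),
    "DIE-SCUM": ("all", [("class", "IMAGES"),
                         ("host", "www.acmecomputers.com"),
                         ("url", "/directory/*"), ("acl", 100)]),
}
# policy-map CCBOOTCAMP: classes in configured order with their action.
POLICY = [("DIE-SCUM", "drop"), ("POLICE", "police 64000")]


def criterion_matches(kind, value, host, url):
    if kind == "host":
        return fnmatchcase(host, value)   # assumption: glob semantics
    if kind == "url":
        return fnmatchcase(url, value)    # assumption: glob semantics
    if kind == "acl":
        return True  # access-list 100 is "permit ip any any"
    if kind == "class":
        return class_matches(value, host, url)  # nested "match class-map"
    raise ValueError(kind)


def class_matches(name, host, url):
    mode, criteria = CLASS_MAPS[name]
    results = (criterion_matches(k, v, host, url) for k, v in criteria)
    return any(results) if mode == "any" else all(results)


def classify(host, url, policy=POLICY):
    """Return (class, action) of the first class in the policy that matches."""
    for name, action in policy:
        if class_matches(name, host, url):
            return name, action
    return "class-default", "no action"


if __name__ == "__main__":
    # Constructed sample requests.
    for host, url in [("www.acmecomputers.com", "/directory/logo.jpg"),
                      ("www.acmecomputers.com", "/directory/index.html"),
                      ("www.acmecomputers.com", "/other/logo.gif"),
                      ("www.example.net", "/directory/logo.jpg")]:
        print(host, url, "->", classify(host, url))
```

An image under /directory/ satisfies both DIE-SCUM and POLICE, so it is dropped only because DIE-SCUM is listed first in the policy-map; with the two classes swapped it would be policed instead.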


