Re: NBAR question

From: Ian Blaney (ian.blaney@gmail.com)
Date: Sun Feb 18 2007 - 14:33:47 ART

• Next message: Humphrey Widjaja: "Re: How to copy a bunch of files from FLASH to TFTP server"
• Previous message: Scott Morris: "RE: signing the wall of fame"
• Maybe in reply to: Jo Johnson: "NBAR question"
• Next in thread: Serdar Kut: "Re: NBAR question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Victor

Thanks for the link. The thing that is confusing me is take a look here

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_m1h.htm#wp1128712

In the example section they give an example

The following example classifies, within class map class3, packets
based on the JPEG MIME type:

class-map class3
match protocol http mime "*jpeg"

Have you by any chance tested it?

Cheers
Ian

On 2/18/07, Victor Cappuccio <victor@ccbootcamp.com> wrote:
>
>
>
> Hi Ian
>
> Take a look here that Scott had all ready handled this topic
> http://www.groupstudy.com/archives/ccielab/200609/msg00272.html
>
> thanks,
> Victor Cappuccio.-
> Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We take
> Cisco Learning credits!
> victor@ccbootcamp.com
> http://www.ccbootcamp.com (Cisco Training and Rental Racks)
> http://www.ccbootcamp.com/groupstudy.html (groupstudy
> member discounts!)
> Voice: 702-968-5100
> FAX: 702-446-8012
>
>
>
>
> -----Original Message-----
> From: Ian Blaney [mailto:ian.blaney@gmail.com]
> Sent: Sun 2/18/2007 2:38
> To: Victor Cappuccio
> Cc: Jo Johnson; Cisco certification
> Subject: Re: NBAR question
>
> Victor
>
> Could the DIE-SCUM class-map not be shortened to the following
>
> class-map match-all DIE-SCUM
> description DROP IMAGES FROM THAT WEB SERVER
> match class-map IMAGES
> match class-map POLICE
>
> Also to match on images do you not use the mime option instead of url
>
> class-map match-any IMAGES
> description MATCH ANY IMAGE
> match protocol http mime "*jpeg"
> match protocol http mime "*jpg"
> match protocol http mime "*gif"
>
> Ian
>
>
> On 2/18/07, Victor Cappuccio <victor@ccbootcamp.com> wrote:
> > Hi Jo,
> >
> > Try this and let me know your comments
> >
> > policy-map CCBOOTCAMP
> > description THIS PLCY IS TAKEN FROM A DRAFT VERSION OF THE NEW NLI WB
> > class DIE-SCUM
> > drop
> > class POLICE
> > police 64000
> > class class-default
> > !
> >
> > class-map match-any IMAGES
> > description MATCH ANY IMAGE
> > match protocol http url "*.jpg"
> > match protocol http url "*.gif"
> > match protocol http url "*.jpeg"
> >
> > class-map match-all POLICE
> > description LETS POLICE BROWSING TO THAT WEBSERVER
> > match protocol http host "www.acmecomputers.com"
> > match protocol http url "/directory/*"
> > match access-group 100
> >
> > class-map match-all DIE-SCUM
> > description DROP IMAGES FROM THAT WEB SERVER
> > match class-map IMAGES
> > match protocol http host "www.acmecomputers.com"
> > match protocol http url "/directory/*"
> > match access-group 100
> > !
> >
> > access-list 100 permit ip any any
> >
> >
> > int f0/2
> > service-policy inbound CCBOOTCAMP
> >
> >
> > if you need help in the verification, let me know, maybe we can share a
> rack,
> > and explain how to test this.
> >
> > thanks,
> > Victor Cappuccio.-
> > Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We take
> > Cisco Learning credits!
> > victor@ccbootcamp.com
> > http://www.ccbootcamp.com (Cisco Training and Rental Racks)
> > http://www.ccbootcamp.com/groupstudy.html (groupstudy
> member discounts!)
> > Voice: 702-968-5100
> > FAX: 702-446-8012
> >
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com on behalf of Jo Johnson
> > Sent: Sat 2/17/2007 13:00
> > To: Cisco certification
> > Subject: NBAR question
> >
> > Hi all,
> >
> > Here is another NBAR question. In general, I have a hard time
> understanding
> > the definition of the "match protocol http (host, url, and mime) command,
> > but I have some examples of my interpretation below:
> >
> >
> > I want to police response traffic from www.acmecomputers.com/files except
> > images--that I want to drop.
> >
> > Question-Is it possible to combine the host www.acmecomputers.com and the
> > url /files into one match statement. Also, what are your thoughts on my
> > solution below?
> >
> > Thanks
> >
> > class-map IMAGES
> > match protocol http url *.jpeg
> > match protocol http url *.jpg
> > match protocol http url *.gif
> >
> > class-map match-all ACME_TRAFFIC
> > match protocol http host www.acmecomputers.com
> > match protocol http url /directory*
> >
> > policy-map DROPIT
> > class IMAGES
> > drop
> >
> > policy-map POLICE
> > class ACME_TRAFFIC
> > service-policy input DROPIT
> > police 640000 conform transmit exceed drop
> >
> >
> > interface fa0/0
> > service-policy input POLICE
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Humphrey Widjaja: "Re: How to copy a bunch of files from FLASH to TFTP server"
• Previous message: Scott Morris: "RE: signing the wall of fame"
• Maybe in reply to: Jo Johnson: "NBAR question"
• Next in thread: Serdar Kut: "Re: NBAR question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:47 ART