RE: NBAR question

From: Scott Morris (swm@emanon.com)
Date: Mon Feb 19 2007 - 12:01:02 ART

• Next message: Scott Morris: "RE: OT: Bachelors degree in Computer Networking"
• Previous message: Serhat Aslan: "Re: OT: Bachelors degree in Computer Networking"
• Maybe in reply to: Jo Johnson: "NBAR question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The header fields weren't added until 12.4(2)T, so they will not be on the
lab at this point in time.

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPexpert VP - Curriculum Development
IPexpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Serdar Kut
Sent: Monday, February 19, 2007 2:01 AM
To: Ian Blaney
Cc: Victor Cappuccio; Jo Johnson; Cisco certification
Subject: Re: NBAR question

hi guys,

for matching the whole url, what about handling it with s-header-field for
http pakets coming from webserver or c-header-field for http packets coming
from clients??with that command it seems that we can match the whole url
with this command only.

check this

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r
/qos_m1h.htm#wp1128712

On 2/18/07, Ian Blaney <ian.blaney@gmail.com> wrote:
>
> Hi Victor
>
> Thanks for the link. The thing that is confusing me is take a look
> here
>
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/
> hqos_r/qos_m1h.htm#wp1128712
>
> In the example section they give an example
>
> The following example classifies, within class map class3, packets
> based on the JPEG MIME type:
>
> class-map class3
> match protocol http mime "*jpeg"
>
> Have you by any chance tested it?
>
> Cheers
> Ian
>
>
>
> On 2/18/07, Victor Cappuccio <victor@ccbootcamp.com> wrote:
> >
> >
> >
> > Hi Ian
> >
> > Take a look here that Scott had all ready handled this topic
> > http://www.groupstudy.com/archives/ccielab/200609/msg00272.html
> >
> > thanks,
> > Victor Cappuccio.-
> > Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We
> > take Cisco Learning credits!
> > victor@ccbootcamp.com
> > http://www.ccbootcamp.com (Cisco Training and Rental Racks)
> > http://www.ccbootcamp.com/groupstudy.html (groupstudy member
> > discounts!)
> > Voice: 702-968-5100
> > FAX: 702-446-8012
> >
> >
> >
> >
> > -----Original Message-----
> > From: Ian Blaney [mailto:ian.blaney@gmail.com]
> > Sent: Sun 2/18/2007 2:38
> > To: Victor Cappuccio
> > Cc: Jo Johnson; Cisco certification
> > Subject: Re: NBAR question
> >
> > Victor
> >
> > Could the DIE-SCUM class-map not be shortened to the following
> >
> > class-map match-all DIE-SCUM
> > description DROP IMAGES FROM THAT WEB SERVER
> > match class-map IMAGES
> > match class-map POLICE
> >
> > Also to match on images do you not use the mime option instead of
> > url
> >
> > class-map match-any IMAGES
> > description MATCH ANY IMAGE
> > match protocol http mime "*jpeg"
> > match protocol http mime "*jpg"
> > match protocol http mime "*gif"
> >
> > Ian
> >
> >
> > On 2/18/07, Victor Cappuccio <victor@ccbootcamp.com> wrote:
> > > Hi Jo,
> > >
> > > Try this and let me know your comments > > policy-map
> > CCBOOTCAMP > description THIS PLCY IS TAKEN FROM A DRAFT VERSION
> > OF THE NEW NLI
> WB
> > > class DIE-SCUM
> > > drop
> > > class POLICE
> > > police 64000
> > > class class-default
> > > !
> > >
> > > class-map match-any IMAGES
> > > description MATCH ANY IMAGE
> > > match protocol http url "*.jpg"
> > > match protocol http url "*.gif"
> > > match protocol http url "*.jpeg"
> > >
> > > class-map match-all POLICE
> > > description LETS POLICE BROWSING TO THAT WEBSERVER > match
> > protocol http host "www.acmecomputers.com"
> > > match protocol http url "/directory/*"
> > > match access-group 100
> > >
> > > class-map match-all DIE-SCUM
> > > description DROP IMAGES FROM THAT WEB SERVER > match class-map
> > IMAGES > match protocol http host "www.acmecomputers.com"
> > > match protocol http url "/directory/*"
> > > match access-group 100
> > > !
> > >
> > > access-list 100 permit ip any any > > > int f0/2 >
> > service-policy inbound CCBOOTCAMP > > > if you need help in the
> > verification, let me know, maybe we can share
> a
> > rack,
> > > and explain how to test this.
> > >
> > > thanks,
> > > Victor Cappuccio.-
> > > Network Learning Inc - A Cisco Sponsored Organization (SO) YES!
> > We
> take
> > > Cisco Learning credits!
> > > victor@ccbootcamp.com
> > > http://www.ccbootcamp.com (Cisco Training and Rental Racks) >
> > http://www.ccbootcamp.com/groupstudy.html (groupstudy member
> > discounts!) > Voice: 702-968-5100 > FAX: 702-446-8012 > > > >
> > > -----Original Message----- > From: nobody@groupstudy.com on
> > behalf of Jo Johnson > Sent: Sat 2/17/2007 13:00 > To: Cisco
> > certification > Subject: NBAR question > > Hi all, > > Here is
> > another NBAR question. In general, I have a hard time understanding
> > > the definition of the "match protocol http (host, url, and mime)
> command,
> > > but I have some examples of my interpretation below:
> > >
> > >
> > > I want to police response traffic from
> > www.acmecomputers.com/filesexcept > images--that I want to drop.
> > >
> > > Question-Is it possible to combine the host www.acmecomputers.com
> > and
> the
> > > url /files into one match statement. Also, what are your
> > thoughts on
> my
> > > solution below?
> > >
> > > Thanks
> > >
> > > class-map IMAGES
> > > match protocol http url *.jpeg
> > > match protocol http url *.jpg
> > > match protocol http url *.gif
> > >
> > > class-map match-all ACME_TRAFFIC
> > > match protocol http host www.acmecomputers.com > match protocol
> > http url /directory* > > policy-map DROPIT > class IMAGES > drop
> > > > policy-map POLICE > class ACME_TRAFFIC > service-policy input
> > DROPIT > police 640000 conform transmit exceed drop > > >
> > interface fa0/0 > service-policy input POLICE > >
> > ____________________________________________________________________
> > ___ > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > ____________________________________________________________________
> > ___ > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Scott Morris: "RE: OT: Bachelors degree in Computer Networking"
• Previous message: Serhat Aslan: "Re: OT: Bachelors degree in Computer Networking"
• Maybe in reply to: Jo Johnson: "NBAR question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:47 ART