From: Serhat Aslan (serhatworks@gmail.com)
Date: Tue Jun 26 2007 - 12:20:35 ART
actualy more than then work an extendend access-list does. First by port
number(like extended access-list), then classification sub protocols/etc.
Because it is have to care the the payload for http.
But roughly choice 2 :)
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfclass.htm
<snap>
Classification of HTTP by URL, HOST, or MIME
NBAR can classify application traffic by looking beyond the TCP/UDP port
numbers of a packet. This ability is called subport classification. NBAR
looks into the TCP/UDP payload itself and classifies packets on content
within the payload such as transaction identifier, message type, or other
similar data.
</snap>
Serhat Aslan
On 6/26/07, Antonio Soares <amsoares@netcabo.pt> wrote:
>
> Second option:
>
> ! Traffic from clients to web servers
> permit tcp any any eq www
>
> ! Traffic from web servers to clients
> permit tcp any eq www any
>
> Assuming the web servers are running on the default port :)
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> hadek.el-ayachi@nsn.com
> Sent: terga-feira, 26 de Junho de 2007 15:20
> To: ccielab@groupstudy.com
> Subject: Class-map and extended access-list
>
> Hi experts,
> Please could you tell me what is the true sentence:
>
>
>
> Match protocol http = access-list ext per tcp an an eq www
> OR
> Match protocol http = access-list ext per tcp an an eq www
> access-list ext per tcp an eq www an
>
>
> Thanks in advance
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:51 ART