From: Salau, Yemi (yemi.salau@siemens.com)
Date: Tue Sep 04 2007 - 10:04:58 ART
See, I believe this works because I have used it and still use it, take
a loko at this dump from Routers that connects thus:
Rack1R3----Rack1R4----Rack1R1; with Rack1R4 in between Rack1R3 and
Rack1R1. Rack1R4 is configured with the policy-map, Rack1R3 as a web
server, and Rack1R1 for testing the downloads. This certainly works,
even with class-map "match-any/match-all" TEST2; I will suggest looking
into configurations/IOS Bug or direction of application of policy-map. I
have applied my own policy map inbound on Rack1R4's interface which
connects to Rack1R1.
Rack1R4#sh policy-map int s1/0
Serial1/0
Service-policy input: DROP2
Class-map: TEST2 (match-all)
18 packets, 2641 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http url "*.gif|*.jpg|*.jpeg"
drop
Class-map: class-default (match-any)
24 packets, 1675 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Rack1R4#sh run | b class-map match-all
!
class-map match-all TEST2
match protocol http url "*.gif|*.jpg|*.jpeg"
!
!
policy-map DROP
class IMAGES
drop
!
Rack1R3#copy start flash:test.gif
Rack1R3#copy start flash:test.jpg
Rack1R3#copy start flash:test.jpeg
Rack1R3#copy start flash:test.txt
Rack1R3#sh run | i ip http
ip http server
no ip http secure-server
ip http path flash:
Rack1R1#
Rack1R1#copy http://10.10.10.3/test.txt null:
Loading http://10.10.10.3/test.txt !
2278 bytes copied in 3.218 secs (728 bytes/sec)
Rack1R1#copy http://10.10.10.3/test.gif null:
%Error opening http://10.10.10.3/test.gif (I/O error)
Rack1R1#copy http://10.10.10.3/test.jpg null:
%Error opening http://10.10.10.3/test.jpg (I/O error)
Rack1R1#copy http://10.10.10.3/test.jpeg null:
%Error opening http://10.10.10.3/test.jpeg (I/O error)
Also, tried with match-any and it still works!
Rack1R4#sh run | b class-map match-any
!
class-map match-any TEST2
match protocol http url "*.gif|*.jpg|*.jpeg"
!
!
policy-map DROP
class IMAGES
drop
!
Many Thanks
Yemi Salau
________________________________
From: darth router [mailto:darklordrouter@gmail.com]
Sent: Tuesday, September 04, 2007 7:44 AM
To: Henk de Tombe
Cc: Salau, Yemi; Joseph Brunner; ccielab@groupstudy.com
Subject: Re: one question on matching images (MQC)
Yea,
I guess the syntax could be key, although I would think the logic of the
one I referenced would have worked as well, but it did not. The pipes
are already doing an OR without the parenthesis. I would not leave it to
chance, and lab it up. I know it will work correctly as long as you
select only one picture type. So if I download a .gif, the policy
matches, but then if I download a jpg, it does not match. I tried this
with all sort of different combos, same effect each time. Maybe the
parenthesis will fix it.
match-any works, nested under a match-all, which is essentially the same
logic as
match protocol http url "*.jpg|*.gif|*.jpeg" Or you can create a
separte class-map for each image type, and force the policy on each
type. I dunno. I am still curious.
On 9/3/07, Henk de Tombe <henk.de.Tombe@qi.nl> wrote:
Hi Darth router,
I've found the following on docCD:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hq
<http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/h
q>
os_r/qos_m1h.htm#wp1128712
** snippet of link above **
Match one of a choice of characters in a range. For example
cisco.(gif |
jpg) matches either cisco.gif or cisco.jpg.
** snippet **
I've found a previous post which tells the following:
http://www.groupstudy.com/archives/ccielab/200409/msg00813.html
"protocol http url" should be used for matching the actual URL,
usually
a file name, thus "*jpg" would work.
protocol http url "*.(jpg|bmp|gif|jpeg)" can be used instead of
multiple
lines.
The syntax you're using is different:
class-map match-all IMAGES
match protocol http url "*.jpg|*.gif|*.jpeg"
I didn't lab it up, but it sounds reasonable,
Just my 0.02
Regards,
Henk
Met vriendelijke groet,
Q&I
Henk de Tombe
Senior Network Engineer
Q&I NEDERLAND BV
Delftech Park 35 - 37
P.O. Box 402 - 2600 AK DELFT
Phone [+31] 15-8880444 - Fax [+31] 15-8880445
info@qi.nl - www.qi.nl
-----Oorspronkelijk bericht-----
Van: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Namens
darth
router
Verzonden: maandag 3 september 2007 11:02
Aan: Salau, Yemi
CC: Joseph Brunner; ccielab@groupstudy.com
Onderwerp: Re: one question on matching images (MQC)
I am not 100% sure of this, but this one does not seem to work
in my
tests.
I spent hours screwing with both examples, and what I found with
the
below
is, if I selected a picture of one of the listed types, the
policy would
match, but if you immediately select another type, it will not
match and
break the policy, and traffic does not get policed or dropped
(depending
what you are trying to do). Maybe some of the training gurus
could
elaborate. the 1rst one you listed will work as expected.
class-map match-all IMAGES
match protocol http url "*.jpg|*.gif|*.jpeg"
On 9/3/07, Salau, Yemi <yemi.salau@siemens.com> wrote:
>
> Both will achieve same results, I would use the second option
because
it
> saves me a hell lot of time, every seconds count in the lab
mate!
>
> Ofcourse provided if you're not streamlined!
>
> Many Thanks
>
> Yemi Salau
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
Behalf
Of
> Joseph Brunner
> Sent: Monday, September 03, 2007 6:44 AM
> To: ccielab@groupstudy.com
> Subject: one question on matching images (MQC)
>
> Which would you use and why?
>
>
>
> class-map match-any IMAGES
>
> match protocol http url "*.jpg"
>
> match protocol http url "*.gif"
>
> match protocol http url "*.jpeg"
>
>
>
> or
>
>
>
> class-map match-all IMAGES
>
> match protocol http url "*.jpg|*.gif|*.jpeg"
>
>
>
>
>
> danke schon!
>
>
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:09 ART
