From: Ben (bmunyao@gmail.com)
Date: Wed Sep 05 2007 - 14:04:10 ART
Hi
When I labbed this on dynamips using 3640 images, due to a "permission
error" I had to do the following additional steps to reproduce Yemi's test
results:
1.On server, I verified that the default "ip http authentication" method was
"enable", and the enable password was "cisco".
2.On the client, I then had to add the command "ip http client pass cisco"
An alternative I also used was:
1.Server: username anon priv 15 pass cisco
ip http authentication local
2.Client: ip http client user anon
ip http client pass cisco
My 2c
Ben
On 9/5/07, Henk de Tombe <henk.de.Tombe@qi.nl> wrote:
>
> That's a very nice test you've done. Thanks for sharing this info in the
> group,
>
> Regards,
> Henk
>
> Met vriendelijke groet,
>
> Q&I
>
> Henk de Tombe
> Senior Network Engineer
> Q&I NEDERLAND BV
> Delftech Park 35 - 37
> P.O. Box 402 - 2600 AK DELFT
> Phone [+31] 15-8880444 - Fax [+31] 15-8880445
> info@qi.nl - www.qi.nl
> -----Oorspronkelijk bericht-----
> Van: Salau, Yemi [mailto:yemi.salau@siemens.com]
> Verzonden: dinsdag 4 september 2007 15:05
> Aan: darth router; Henk de Tombe
> CC: Joseph Brunner; ccielab@groupstudy.com
> Onderwerp: RE: one question on matching images (MQC)
>
> See, I believe this works because I have used it and still use it, take
> a loko at this dump from Routers that connects thus:
> Rack1R3----Rack1R4----Rack1R1; with Rack1R4 in between Rack1R3 and
> Rack1R1. Rack1R4 is configured with the policy-map, Rack1R3 as a web
> server, and Rack1R1 for testing the downloads. This certainly works,
> even with class-map "match-any/match-all" TEST2; I will suggest looking
> into configurations/IOS Bug or direction of application of policy-map. I
> have applied my own policy map inbound on Rack1R4's interface which
> connects to Rack1R1.
>
> Rack1R4#sh policy-map int s1/0
>
> Serial1/0
>
> Service-policy input: DROP2
>
> Class-map: TEST2 (match-all)
> 18 packets, 2641 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol http url "*.gif|*.jpg|*.jpeg"
> drop
>
> Class-map: class-default (match-any)
> 24 packets, 1675 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
>
> Rack1R4#sh run | b class-map match-all
> !
> class-map match-all TEST2
> match protocol http url "*.gif|*.jpg|*.jpeg"
> !
> !
> policy-map DROP
> class IMAGES
> drop
> !
>
> Rack1R3#copy start flash:test.gif
> Rack1R3#copy start flash:test.jpg
> Rack1R3#copy start flash:test.jpeg
> Rack1R3#copy start flash:test.txt
> Rack1R3#sh run | i ip http
> ip http server
> no ip http secure-server
> ip http path flash:
>
> Rack1R1#
> Rack1R1#copy http://10.10.10.3/test.txt null:
> Loading http://10.10.10.3/test.txt !
> 2278 bytes copied in 3.218 secs (728 bytes/sec)
>
> Rack1R1#copy http://10.10.10.3/test.gif null:
> %Error opening http://10.10.10.3/test.gif (I/O error)
>
> Rack1R1#copy http://10.10.10.3/test.jpg null:
> %Error opening http://10.10.10.3/test.jpg (I/O error)
>
> Rack1R1#copy http://10.10.10.3/test.jpeg null:
> %Error opening http://10.10.10.3/test.jpeg (I/O error)
>
>
> Also, tried with match-any and it still works!
> Rack1R4#sh run | b class-map match-any
> !
> class-map match-any TEST2
> match protocol http url "*.gif|*.jpg|*.jpeg"
> !
> !
> policy-map DROP
> class IMAGES
> drop
> !
>
>
> Many Thanks
>
> Yemi Salau
>
>
> ________________________________
>
> From: darth router [mailto:darklordrouter@gmail.com]
> Sent: Tuesday, September 04, 2007 7:44 AM
> To: Henk de Tombe
> Cc: Salau, Yemi; Joseph Brunner; ccielab@groupstudy.com
> Subject: Re: one question on matching images (MQC)
>
>
> Yea,
>
> I guess the syntax could be key, although I would think the logic of the
> one I referenced would have worked as well, but it did not. The pipes
> are already doing an OR without the parenthesis. I would not leave it to
> chance, and lab it up. I know it will work correctly as long as you
> select only one picture type. So if I download a .gif, the policy
> matches, but then if I download a jpg, it does not match. I tried this
> with all sort of different combos, same effect each time. Maybe the
> parenthesis will fix it.
>
> match-any works, nested under a match-all, which is essentially the same
> logic as
> match protocol http url "*.jpg|*.gif|*.jpeg" Or you can create a
> separte class-map for each image type, and force the policy on each
> type. I dunno. I am still curious.
>
>
>
>
>
>
> On 9/3/07, Henk de Tombe <henk.de.Tombe@qi.nl> wrote:
>
> Hi Darth router,
>
> I've found the following on docCD:
>
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hq
> <http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/h
> q>
> os_r/qos_m1h.htm#wp1128712
>
>
> ** snippet of link above **
>
> Match one of a choice of characters in a range. For example
> cisco.(gif |
> jpg) matches either cisco.gif or cisco.jpg.
>
> ** snippet **
>
> I've found a previous post which tells the following:
>
> http://www.groupstudy.com/archives/ccielab/200409/msg00813.html
>
> "protocol http url" should be used for matching the actual URL,
> usually
> a file name, thus "*jpg" would work.
>
> protocol http url "*.(jpg|bmp|gif|jpeg)" can be used instead of
> multiple
> lines.
>
>
> The syntax you're using is different:
>
> class-map match-all IMAGES
> match protocol http url "*.jpg|*.gif|*.jpeg"
>
> I didn't lab it up, but it sounds reasonable,
>
> Just my 0.02
>
>
>
> Regards,
> Henk
>
>
>
> Met vriendelijke groet,
>
> Q&I
>
> Henk de Tombe
> Senior Network Engineer
> Q&I NEDERLAND BV
> Delftech Park 35 - 37
> P.O. Box 402 - 2600 AK DELFT
> Phone [+31] 15-8880444 - Fax [+31] 15-8880445
> info@qi.nl - www.qi.nl
>
>
> -----Oorspronkelijk bericht-----
> Van: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Namens
> darth
> router
> Verzonden: maandag 3 september 2007 11:02
> Aan: Salau, Yemi
> CC: Joseph Brunner; ccielab@groupstudy.com
> Onderwerp: Re: one question on matching images (MQC)
>
> I am not 100% sure of this, but this one does not seem to work
> in my
> tests.
> I spent hours screwing with both examples, and what I found with
> the
> below
> is, if I selected a picture of one of the listed types, the
> policy would
> match, but if you immediately select another type, it will not
> match and
> break the policy, and traffic does not get policed or dropped
> (depending
> what you are trying to do). Maybe some of the training gurus
> could
> elaborate. the 1rst one you listed will work as expected.
>
> class-map match-all IMAGES
> match protocol http url "*.jpg|*.gif|*.jpeg"
>
>
>
>
>
>
> On 9/3/07, Salau, Yemi <yemi.salau@siemens.com> wrote:
> >
> > Both will achieve same results, I would use the second option
> because
> it
> > saves me a hell lot of time, every seconds count in the lab
> mate!
> >
> > Ofcourse provided if you're not streamlined!
> >
> > Many Thanks
> >
> > Yemi Salau
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf
> Of
> > Joseph Brunner
> > Sent: Monday, September 03, 2007 6:44 AM
> > To: ccielab@groupstudy.com
> > Subject: one question on matching images (MQC)
> >
> > Which would you use and why?
> >
> >
> >
> > class-map match-any IMAGES
> >
> > match protocol http url "*.jpg"
> >
> > match protocol http url "*.gif"
> >
> > match protocol http url "*.jpeg"
> >
> >
> >
> > or
> >
> >
> >
> > class-map match-all IMAGES
> >
> > match protocol http url "*.jpg|*.gif|*.jpeg"
> >
> >
> >
> >
> >
> > danke schon!
> >
> >
>
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
>
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:09 ART
