RE: Match Protocol

From: subodh.rawat@wipro.com
Date: Mon Oct 08 2007 - 07:44:16 ART


Gotcha!!!

HTH
Subodh

________________________________

From: Shamin [mailto:ccie.xpert@gmail.com]
Sent: Monday, October 08, 2007 4:08 PM
To: Subodh Singh Rawat (WT01 - TELECOM SERVICE PROVIDER)
Cc: lalit.tech@gmail.com; joe@affirmedsystems.com; Thomas.W.Johnson@chase.com; ccielab@groupstudy.com
Subject: Re: Match Protocol

Hi Subodh,

I just interpreted the initially posted question and put the solution in
a different way than Joseph, found earlier in the thread. Same scenario,
different solution.

Wanted to know if my interpretation was correct.

Regards
Shameen

On 10/8/07, subodh.rawat@wipro.com <subodh.rawat@wipro.com> wrote:

        Hi Shamim,

        What I have understood from your policy is that:

        1. Your LAN (VLAN34) has clients 10.1.34.x having IP address
           either of 1, 8, 9, 16, 17, 24, 25
        2. You want to apply web QoS policy for any Web traffic coming
           from outside in response to Web connections originated from
           your clients.
        3. You want to drop all traffic which are having attachments
           .jpg, .jpeg or .gif and this web connection was originated
           from your clients (VLAN34) to (www.affirmedsystems.com and
           accessed web directory).
        4. You want to rate limit traffic to 512Kbps for these web
           traffic originated from your clients (VLAN34) to
           (www.affirmedsystems.com and accessed web directory).

        Seems OK to me. Correct me if I have understood wrong.

        Regards
        Subodh

________________________________

        From: Shamin [mailto:ccie.xpert@gmail.com]
        Sent: Monday, October 08, 2007 2:21 PM
        To: Subodh Singh Rawat (WT01 - TELECOM SERVICE PROVIDER)
        Cc: lalit.tech@gmail.com; joe@affirmedsystems.com; Thomas.W.Johnson@chase.com; ccielab@groupstudy.com
        Subject: Re: Match Protocol

        Hi,

        I did a solution as below. Can anyone comment on this and tell
        me if I am wrong.

        access-list 100 remark to VLAN_34
        access-list 100 permit tcp any eq www 10.1.34.0 0.0.0.25

        class-map match-all IMAGES
         match protocol http url "*.jpg|*.jpeg|*.gif"

        policy-map DROP_IMAGE
         class IMAGES
          drop

        class-map match-all POLICE
         match access-group 100
         match protocol http host "www.affirmedsystems.com"
         match protocol http url "directory/*"

        policy-map WEBPOLICY
         class POLICE
           police cir 512000
           service-policy DROP_IMAGE

         class class-default

        int f0/0
        desc facing lan
        service-policy output WEBPOLICY

        Awaiting feedback.

        Regards
        Shameen

        On 10/8/07, subodh.rawat@wipro.com <subodh.rawat@wipro.com> wrote:

                You are right. You got the Binary operation correct.
                "match-all" option is optional.

                But as you asked .............."Don't you think it should
                be match-any instead of match all here.. bcoz it means
                any of the image matched... if we say match all, it means
                all should be there to drop it."..............my
                understanding is that for single line statement it can be
                either "match-all" or "match-any".

                HTH
                Subodh

                ________________________________

                From: lalit gupta [mailto:lalit.tech@gmail.com]
                Sent: Monday, October 08, 2007 11:35 AM
                To: Subodh Singh Rawat (WT01 - TELECOM SERVICE PROVIDER)
                Cc: joe@affirmedsystems.com; Thomas.W.Johnson@chase.com; ccielab@groupstudy.com
                Subject: Re: Match Protocol

                Hi Subodh,
                I do agree, but it will match DNS and with either jpg,
                jpeg or gif...
                Means in single line it will OR and for both the lines it
                will AND.

                Please correct me if I am wrong or reply if you agree.

                Rgrds
                lalit

                On 10/8/07, subodh.rawat@wipro.com <subodh.rawat@wipro.com> wrote:

                       My understanding says that "match-all" or
                       "match-any" applies per line.

                       E.g.
                       class-map match-all IMAGES
                        match protocol http url "*.jpg|*.jpeg|*.gif"
                        match protocol dns

                       This will match for AND operation of 1st line and
                       second line.

                       Please correct me if I am wrong.

                       HTH
                       Subodh

                       -----Original Message-----
                       From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of lalit gupta
                       Sent: Monday, October 08, 2007 10:52 AM
                       To: Joseph Brunner
                       Cc: Thomas.W.Johnson@chase.com; ccielab@groupstudy.com
                       Subject: Re: Match Protocol

                       Hi Joseph,

                       I do agree with your configuration but I differ
                       on one statement

                       class-map match-all IMAGES
                        match protocol http url "*.jpg|*.jpeg|*.gif"

                       Don't you think it should be match-any instead of
                       match all here.. bcoz it means any of the image
                       matched... if we say match all, it means all
                       should be there to drop it.

                       Correct me if I'm wrong.

                       rgrds
                       lalit

                       On 10/6/07, Joseph Brunner <joe@affirmedsystems.com> wrote:
>
> Thomas,
>
> The great Mr. Cappuccio has answered this before... here is my version
> of his wonderful config. Forget CCO, it's not much help for this. Oh,
> and yeah I tested it in my office... it works!
>
>
> access-list 100 remark to VLAN_34
> access-list 100 permit tcp any eq www 10.1.34.0 0.0.0.25
>
> class-map match-all IMAGES
>  match protocol http url "*.jpg|*.jpeg|*.gif"
>
> class-map match-all POLICE
>  match access-group 100
>  match protocol http host "www.affirmedsystems.com"
>  match protocol http url "directory/*"
>
> class-map match-all DIE
>  match access-group 100
>  match protocol http host "www.affirmedsystems.com"
>  match protocol http url "directory/*"
>  match class-map IMAGES
>
> policy-map WEBPOLICY
>  class DIE
>   drop
>  class POLICE
>   police cir 512000
>  class class-default
>
>
> int f0/0
>  desc facing lan
>  service-policy output WEBPOLICY
>
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Thomas.W.Johnson@chase.com
> Sent: Friday, October 05, 2007 2:16 PM
> To: ccielab@groupstudy.com
> Subject: Match Protocol
>
> I ran across a question that wanted you to limit all return traffic
> from www.thiswebsite.com/thisdirectory destined for a specific VLAN to
> whatever, 512k, and drop any image files (jpg, bmp or gif) from this
> website.
> How do you match the image files? I assume it's with the match
> protocol http command, however, what parameters do you use? Do I need
> to use the match protocol http with the mime parameter or do I use
> match protocol http with url *.jpg | *.bmp | *.gif? I just don't
> understand how you match image files with the match protocol command.
>
> Thanks in advance.
>
> Thomas Johnson
> JP Morgan Chase
> Global Network Implementation



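The access list in this thread uses a discontiguous wildcard mask (10.1.34.0 0.0.0.25). As an added example that is not part of the original messages, the Python below enumerates the addresses such a mask matches under standard IOS wildcard semantics (wildcard bits set to 1 are ignored); the function names are made up for illustration.

```python
# Added example (not from the thread): expand an IOS ACL wildcard mask.
from ipaddress import IPv4Address


def wildcard_matches(base, wildcard, addr):
    """True if addr matches base once the wildcard's 1-bits are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)


def expand_wildcard(base, wildcard, max_free_bits=16):
    """List every address matched by base/wildcard, in ascending order."""
    w = int(IPv4Address(wildcard))
    fixed = int(IPv4Address(base)) & ~w & 0xFFFFFFFF
    free = [1 << i for i in range(32) if (w >> i) & 1]  # "don't care" bits
    if len(free) > max_free_bits:
        raise ValueError("wildcard too wide to enumerate")
    matched = []
    for n in range(1 << len(free)):
        addr = fixed
        for j, bit in enumerate(free):
            if (n >> j) & 1:
                addr |= bit
        matched.append(str(IPv4Address(addr)))
    return matched


def is_contiguous(wildcard):
    """Subnet-style wildcards are a run of low-order 1s: w & (w + 1) == 0."""
    w = int(IPv4Address(wildcard))
    return w & (w + 1) == 0


if __name__ == "__main__":
    hosts = expand_wildcard("10.1.34.0", "0.0.0.25")
    print("contiguous:", is_contiguous("0.0.0.25"))
    print("last octets:", [int(h.rsplit(".", 1)[1]) for h in hosts])
    # Constructed probes: one address inside the matched set, two outside it.
    for probe in ("10.1.34.17", "10.1.34.2", "10.1.35.9"):
        print(probe, wildcard_matches("10.1.34.0", "0.0.0.25", probe))
```

The mask 0.0.0.25 frees bits 0, 3 and 4 of the last octet, so eight addresses match: last octets 0, 1, 8, 9, 16, 17, 24 and 25.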
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:12 ART