From: omar parihuana (omar.parihuana@gmail.com)
Date: Sun Jul 13 2008 - 16:50:18 ART
Thanks Scott, Igor,
I've enabled NBAR over the interface but not filter not work! In the next
days I'll try to set up a real hardware, maybe Dynamips don't work well with
NBAR.
Rgds.
On Sun, Jul 13, 2008 at 2:42 PM, Scott Morris <
smorris@internetworkexpert.com> wrote:
> The interface command is used for gathering/building statistics. It is
> not
> necessary for general NBAR/MQC operations though.
>
>
> http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_i1.html#wp1032
> 105
>
> HTH,
>
>
> Scott Morris, CCIE4 #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
> CCSI/JNCI-M/JNCI-ER
> Senior CCIE Instructor
>
> smorris@internetworkexpert.com
>
>
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
> Online Community: http://www.IEOC.com
> CCIE Blog: http://blog.internetworkexpert.com
>
>
> Knowledge is power.
> Power corrupts.
> Study hard and be Eeeeviiiil......
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Igor
> Manassypov
> Sent: Sunday, July 13, 2008 3:30 PM
> To: omar parihuana; Cisco certification
> Subject: Re: NBAR and Dynamips
>
> you do have nbar enabled under interface, dont you?
>
> omar parihuana <omar.parihuana@gmail.com> wrote: Hi List,
>
> I'm using Dynamips for replicate the labs of Internetwork Expert Vol I
> v4.1.
> I have an issue with Security part, specifically: Using NBAR to Filter
> Traffic, the labs is very simple, but is not working with my
> Dynagen/Dynamips. my questions is NBAR working well with Dynamips??? The
> configuration part is:
>
> class-map match-any IMAGES
> match protocol http url "*.gif"
> match protocol http url "*.jpeg|*.jpg"
> !
> !
> policy-map DROP_IMAGES
> class IMAGES
> drop
> !
>
> int s0/1
> service-policy input DROP_IMAGES
> int s0/0.201
> service-policy input DROP_IMAGES
> !
>
> But in accordance to tests, the files con extensions .gif, .jpg or jpeg
> never are blocked. I don't see nothing wrong, so what is the error??
>
> R4#sh policy-map interface s0/1
> drop
> Serial0/1
>
> Service-policy input: DROP_IMAGES
>
> Class-map: IMAGES (match-any)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol http url "*.gif"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*.jpeg|*.jpg"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
>
> Class-map: class-default (match-any)
> 15 packets, 1260 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
> R4#sh policy-map interface s0/0.201
>
> drop
> Serial0/0.201
>
> Service-policy input: DROP_IMAGES
>
> Class-map: IMAGES (match-any)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol http url "*.gif"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*.jpeg|*.jpg"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
>
> Class-map: class-default (match-any)
> 25 packets, 3674 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
> R4#
>
> Rgds.
>
>
> --
> Omar E.P.T
> -----------------
> Certified Networking Professionals make better Connections!
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
> Igor M., M.Eng, P.Eng
> Network Architect
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
-- Omar E.P.T ----------------- Certified Networking Professionals make better Connections!
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:54 ART