From: Scott Morris (smorris@internetworkexpert.com)
Date: Sun Jul 13 2008 - 17:08:42 ART
Sorry that I don't play with Dynamips, so I can't offer much insight there!
Cheers,
Scott
_____
From: omar parihuana [mailto:omar.parihuana@gmail.com]
Sent: Sunday, July 13, 2008 3:50 PM
To: smorris@internetworkexpert.com
Cc: Igor Manassypov; Cisco certification
Subject: Re: NBAR and Dynamips
Thanks Scott, Igor,
I've enabled NBAR over the interface but not filter not work! In the next
days I'll try to set up a real hardware, maybe Dynamips don't work well with
NBAR.
Rgds.
On Sun, Jul 13, 2008 at 2:42 PM, Scott Morris
<smorris@internetworkexpert.com> wrote:
The interface command is used for gathering/building statistics. It is not
necessary for general NBAR/MQC operations though.
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_i1.html#wp1032
105
HTH,
Scott Morris, CCIE4 #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
Senior CCIE Instructor
smorris@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
Online Community: http://www.IEOC.com
CCIE Blog: http://blog.internetworkexpert.com
Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Igor
Manassypov
Sent: Sunday, July 13, 2008 3:30 PM
To: omar parihuana; Cisco certification
Subject: Re: NBAR and Dynamips
you do have nbar enabled under interface, dont you?
omar parihuana <omar.parihuana@gmail.com> wrote: Hi List,
I'm using Dynamips for replicate the labs of Internetwork Expert Vol I v4.1.
I have an issue with Security part, specifically: Using NBAR to Filter
Traffic, the labs is very simple, but is not working with my
Dynagen/Dynamips. my questions is NBAR working well with Dynamips??? The
configuration part is:
class-map match-any IMAGES
match protocol http url "*.gif"
match protocol http url "*.jpeg|*.jpg"
!
!
policy-map DROP_IMAGES
class IMAGES
drop
!
int s0/1
service-policy input DROP_IMAGES
int s0/0.201
service-policy input DROP_IMAGES
!
But in accordance to tests, the files con extensions .gif, .jpg or jpeg
never are blocked. I don't see nothing wrong, so what is the error??
R4#sh policy-map interface s0/1
drop
Serial0/1
Service-policy input: DROP_IMAGES
Class-map: IMAGES (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http url "*.gif"
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol http url "*.jpeg|*.jpg"
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: class-default (match-any)
15 packets, 1260 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R4#sh policy-map interface s0/0.201
drop
Serial0/0.201
Service-policy input: DROP_IMAGES
Class-map: IMAGES (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http url "*.gif"
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol http url "*.jpeg|*.jpg"
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: class-default (match-any)
25 packets, 3674 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R4#
Rgds.
-- Omar E.P.T ----------------- Certified Networking Professionals make better Connections!
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:54 ART