RE: NBAR and Dynamips

From: Ramy Sisy (ramysisy@inspiredmaster.com)
Date: Sun Jul 13 2008 - 17:21:31 ART

• Next message: Ramy Sisy: "RE: IPexpert is the World Leader in CCIE Training"
• Previous message: Jason Madsen: "Re: OSPF TTL"
• Maybe in reply to: omar parihuana: "NBAR and Dynamips"
• Next in thread: Azher: "Re: NBAR and Dynamips"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Omar,
How could you test it?
Are you requesting any image files with the right path direction to trigger
the filter?

BEST REGARDS,

RAMY SISY, CCIE X 2 (SECURITY, ROUTING/SWITCHING)#17321, CCSI#30417
CCIE PROGRAM MANAGER

INSPIRED MASTER
                        INSPIRING CREATIVE THINKING ....

WWW.INSPIREDMASTER.COM
E. RAMYSISY@INSPIREDMASTER.COM

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of omar
parihuana
Sent: Sunday, July 13, 2008 12:26 PM
To: Cisco certification
Subject: NBAR and Dynamips

Hi List,

I'm using Dynamips for replicate the labs of Internetwork Expert Vol I v4.1.
I have an issue with Security part, specifically: Using NBAR to Filter
Traffic, the labs is very simple, but is not working with my
Dynagen/Dynamips. my questions is NBAR working well with Dynamips??? The
configuration part is:

class-map match-any IMAGES
 match protocol http url "*.gif"
 match protocol http url "*.jpeg|*.jpg"
!
!
policy-map DROP_IMAGES
 class IMAGES
   drop
!

int s0/1
service-policy input DROP_IMAGES
int s0/0.201
service-policy input DROP_IMAGES
!

But in accordance to tests, the files con extensions .gif, .jpg or jpeg
never are blocked. I don't see nothing wrong, so what is the error??

R4#sh policy-map interface s0/1
      drop
 Serial0/1

  Service-policy input: DROP_IMAGES

    Class-map: IMAGES (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http url "*.gif"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.jpeg|*.jpg"
        0 packets, 0 bytes
        5 minute rate 0 bps

    Class-map: class-default (match-any)
      15 packets, 1260 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
R4#sh policy-map interface s0/0.201

      drop
 Serial0/0.201

  Service-policy input: DROP_IMAGES

    Class-map: IMAGES (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http url "*.gif"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.jpeg|*.jpg"
        0 packets, 0 bytes
        5 minute rate 0 bps

    Class-map: class-default (match-any)
      25 packets, 3674 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
R4#

Rgds.

-- 
Omar E.P.T
-----------------
Certified Networking Professionals make better Connections!

• Next message: Ramy Sisy: "RE: IPexpert is the World Leader in CCIE Training"
• Previous message: Jason Madsen: "Re: OSPF TTL"
• Maybe in reply to: omar parihuana: "NBAR and Dynamips"
• Next in thread: Azher: "Re: NBAR and Dynamips"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:54 ART