Re: NBAR and Dynamips

From: Hobbs (deadheadblues@gmail.com)
Date: Sun Jul 13 2008 - 21:52:20 ART


A good way to test is to copy running-config to something like this on your
http "server" router:

R4#copy running-config config.jpeg
Destination filename [config.jpeg]?
Erase flash: before copying? [confirm]n
Verifying checksum... OK (0x42CD)
1648 bytes copied in 4.180 secs (394 bytes/sec)
R4#
R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ip http server
R4(config)#ip http path flash://

Then on R6, the client:

R6#copy http://172.14.45.4/config.jpeg flash://config.jpeg
Destination filename [config.jpeg]?
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]n
Loading http://172.14.45.4/config.jpeg !
Verifying checksum... OK (0x42CD)
1648 bytes copied in 0.404 secs (4079 bytes/sec)
R6#

You could have a middle router, say R5, with the NBAR MQC policies that
filter out jpeg, gif extensions, etc.

On Sun, Jul 13, 2008 at 2:21 PM, Ramy Sisy <ramysisy@inspiredmaster.com>
wrote:

> Hi Omar,
> How could you test it?
> Are you requesting any image files with the right path direction to trigger
> the filter?
>
>
> BEST REGARDS,
>
> RAMY SISY, CCIE X 2 (SECURITY, ROUTING/SWITCHING)#17321, CCSI#30417
> CCIE PROGRAM MANAGER
>
> INSPIRED MASTER
> INSPIRING CREATIVE THINKING ....
>
> WWW.INSPIREDMASTER.COM
> E. RAMYSISY@INSPIREDMASTER.COM
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of omar parihuana
> Sent: Sunday, July 13, 2008 12:26 PM
> To: Cisco certification
> Subject: NBAR and Dynamips
>
> Hi List,
>
> I'm using Dynamips to replicate the labs of Internetwork Expert Vol I
> v4.1.
> I have an issue with the Security part, specifically: Using NBAR to Filter
> Traffic. The lab is very simple, but it is not working with my
> Dynagen/Dynamips. My question is: is NBAR working well with Dynamips? The
> configuration part is:
>
> class-map match-any IMAGES
>  match protocol http url "*.gif"
>  match protocol http url "*.jpeg|*.jpg"
> !
> !
> policy-map DROP_IMAGES
>  class IMAGES
>   drop
> !
>
> int s0/1
>  service-policy input DROP_IMAGES
> int s0/0.201
>  service-policy input DROP_IMAGES
> !
>
> But according to the tests, the files with extensions .gif, .jpg or .jpeg
> are never blocked. I don't see anything wrong, so what is the error?
>
> R4#sh policy-map interface s0/1
> drop
> Serial0/1
>
> Service-policy input: DROP_IMAGES
>
> Class-map: IMAGES (match-any)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol http url "*.gif"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*.jpeg|*.jpg"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
>
> Class-map: class-default (match-any)
> 15 packets, 1260 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
> R4#sh policy-map interface s0/0.201
>
> drop
> Serial0/0.201
>
> Service-policy input: DROP_IMAGES
>
> Class-map: IMAGES (match-any)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol http url "*.gif"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*.jpeg|*.jpg"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
>
> Class-map: class-default (match-any)
> 25 packets, 3674 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
> R4#
>
> Rgds.
>
>
> --
> Omar E.P.T
> -----------------
> Certified Networking Professionals make better Connections!
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:54 ART
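
One way to check the outcome of the copy test described in this thread, as an added example that is not part of the original messages: a Python parser for the `show policy-map interface` output that reports whether the IMAGES class counted any packets. The function names, the verdict strings and the AFTER counters are assumptions constructed for illustration; the BEFORE counters are the ones posted above.

```python
import re

# `show policy-map interface s0/1` output as quoted in the thread (indentation was
# lost in the archive). {n}/{b} stand in for the IMAGES and jpeg counters.
TEMPLATE = """\
Service-policy input: DROP_IMAGES
Class-map: IMAGES (match-any)
{n} packets, {b} bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http url "*.gif"
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol http url "*.jpeg|*.jpg"
{n} packets, {b} bytes
5 minute rate 0 bps
Class-map: class-default (match-any)
15 packets, 1260 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
"""
BEFORE = TEMPLATE.format(n=0, b=0)      # counters exactly as posted in the thread
AFTER = TEMPLATE.format(n=3, b=1890)    # constructed: made-up counters for a matched copy

CLASS_RE = re.compile(r"Class-map:\s+(\S+)")
MATCH_RE = re.compile(r"Match:\s+(.+)")
COUNT_RE = re.compile(r"(\d+) packets, (\d+) bytes")

def parse_policy(output):
    """Return {(class, criterion): packets}; criterion is None for the class total."""
    counts, cls, crit = {}, None, None
    for line in output.splitlines():
        line = line.lstrip("> ").strip()    # tolerate mail-quoted pastes
        if m := CLASS_RE.match(line):
            cls, crit = m.group(1), None
        elif cls and (m := MATCH_RE.match(line)):
            crit = m.group(1)
        elif cls and (m := COUNT_RE.match(line)):
            counts[(cls, crit)] = int(m.group(1))
    return counts

def verdict(output, cls="IMAGES"):
    """Summarise a test run: did `cls` count packets, or only class-default?"""
    counts = parse_policy(output)
    if (cls, None) not in counts:
        return "class-not-found"
    if counts[(cls, None)] > 0:
        return "classified"
    if counts.get(("class-default", None), 0) > 0:
        return "traffic-seen-not-classified"
    return "no-traffic"
```

Run `verdict()` on the output captured before and after the HTTP copy; per-criterion counters from `parse_policy()` show which URL pattern, if any, matched.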