RE: IP NBAR port-map

From: Marvin Greenlee (mgreenlee@ipexpert.com)
Date: Tue Jul 29 2008 - 04:53:40 ART


The router will complete an unfinished command.

"ip nbar port-map custom-1"
Completes to
"ip nbar port-map custom-10"

If you want to use the custom 1, you need to specify "ip nbar port-map
custom-01", not "custom-1". I think that missing the zero is causing your
problem.

Regarding class-maps, it will allow you to match any that you have defined.
If 10 is the only one that you have defined, that is all that will show up
for "match protocol".

Router(config)#do show ip nbar port-map | i custom
port-map custom-01 udp 12345
port-map custom-02 udp 1333
port-map custom-10 udp 12344
Router(config)#class-map test
Router(config-cmap)#match prot cust?
custom-01 custom-02 custom-10

Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: mgreenlee@ipexpert.com

Progress or excuses, which one are you making?
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
GAURAV MADAN
Sent: Tuesday, July 29, 2008 2:57 AM
To: Cisco certification
Subject: IP NBAR port-map

Hi Group

I wanted a small clarification:

If my requirement says "I have to deny UDP packets going to dest port
1434" and I am not supposed to use the ACL for it.

I plan to do this as:

Rack1R5(config)#do sh run | inc ip nb
ip nbar port-map custom-10 udp 1434

Then I will match this in class-map "match protocol custom-10" and
finally drop in policy-map.

Am I correct in my approach?

Question
***********
1) Is this UDP port number that I specify the dest port number?
2) When I give:

Rack1R5(config)#ip nbar port-map ?

  custom-01 Custom protocol custom-01
  custom-02 Custom protocol custom-02
  custom-03 Custom protocol custom-03
  custom-04 Custom protocol custom-04
  custom-05 Custom protocol custom-05
  custom-06 Custom protocol custom-06
  custom-07 Custom protocol custom-07
  custom-08 Custom protocol custom-08
  custom-09 Custom protocol custom-09
  custom-10 Custom protocol custom-10

Whatever I choose, I get that configured as custom-10

Rack1R5(config)#ip nbar port-map custom-1 udp 1001
Rack1R5(config)#do sh run | inc ip nbar
ip nbar port-map custom-10 udp 1001

3) Also, I find only "custom-10" as the only option in match protocol ....

If I have to do this for multiple ports (I know I can match up to 16
in one custom itself) then do we have some other options?

Thanks in advance
Gaurav Madan.
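
The approach discussed in this thread, written out as one complete configuration. This is an added example, not part of either message: the class-map, policy-map and interface names are assumptions, and each custom slot is typed with its leading zero so the parser does not complete it to custom-10.

```cisco
! Added example. EXAMPLE-* names and FastEthernet0/0 are hypothetical.
! NBAR classification depends on CEF being enabled.
ip cef
!
! Type the full slot name: "custom-1" completes to "custom-10",
! so every abbreviated entry overwrites the same slot.
ip nbar port-map custom-01 udp 1434
ip nbar port-map custom-02 udp 1001
!
! match-any: traffic classified as either custom protocol hits the class.
! Only slots that have a port-map defined are offered by "match protocol ?".
class-map match-any EXAMPLE-CUSTOM-UDP
 match protocol custom-01
 match protocol custom-02
!
! Drop in the policy-map instead of using an ACL.
policy-map EXAMPLE-DROP-CUSTOM
 class EXAMPLE-CUSTOM-UDP
  drop
!
interface FastEthernet0/0
 service-policy input EXAMPLE-DROP-CUSTOM
!
! Checks after applying:
!   show ip nbar port-map | include custom
!   show policy-map interface FastEthernet0/0
```

The first check confirms which slot each port was actually stored under; the second shows whether the drop class is matching packets.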
