Re: IP NBAR port-map

From: GAURAV MADAN (gauravmadan1177@gmail.com)
Date: Tue Jul 29 2008 - 05:11:13 ART


Hi Marvin

Thanks for the explanation.
My bad... I didn't figure out the 01 and 10 stuff.

Is the port number included in the CLI (UDP port no.) the dest. port number?

Gaurav Madan.

On Tue, Jul 29, 2008 at 1:23 PM, Marvin Greenlee <mgreenlee@ipexpert.com> wrote:
> The router will complete an unfinished command.
>
> "ip nbar port-map custom-1"
> Completes to
> "ip nbar port-map custom-10"
>
> If you want to use the custom 1, you need to specify "ip nbar port-map
> custom-01", not "custom-1". I think that missing the zero is causing your
> problem.
>
> Regarding class-maps, it will allow you to match any that you have defined.
> If 10 is the only one that you have defined, that is all that will show up
> for "match protocol".
>
> Router(config)#do show ip nbar port-map | i custom
> port-map custom-01 udp 12345
> port-map custom-02 udp 1333
> port-map custom-10 udp 12344
> Router(config)#class-map test
> Router(config-cmap)#match prot cust?
> custom-01 custom-02 custom-10
>
>
> Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
> Senior Technical Instructor - IPexpert, Inc.
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: mgreenlee@ipexpert.com
>
> Progress or excuses, which one are you making?
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> GAURAV MADAN
> Sent: Tuesday, July 29, 2008 2:57 AM
> To: Cisco certification
> Subject: IP NBAR port-map
>
> Hi Group
>
> I wanted a small clarification:
>
> If my requirement says "I have to deny UDP packets going to dest port
> 1434" and I am not supposed to use the ACL for it.
>
> I plan to do this as:
>
> Rack1R5(config)#do sh run | inc ip nb
> ip nbar port-map custom-10 udp 1434
>
> Then I will match this in class-map "match protocol custom-10" and
> finally drop in policy-map.
>
> Am I correct in my approach?
>
> Question
> ***********
> 1) Is this UDP port number that I specify the dest port number?
> 2) When I give:
>
> Rack1R5(config)#ip nbar port-map ?
>
> custom-01 Custom protocol custom-01
> custom-02 Custom protocol custom-02
> custom-03 Custom protocol custom-03
> custom-04 Custom protocol custom-04
> custom-05 Custom protocol custom-05
> custom-06 Custom protocol custom-06
> custom-07 Custom protocol custom-07
> custom-08 Custom protocol custom-08
> custom-09 Custom protocol custom-09
> custom-10 Custom protocol custom-10
>
> Whatever I choose, I get that configured as custom-10
>
> Rack1R5(config)#ip nbar port-map custom-1 udp 1001
> Rack1R5(config)#do sh run | inc ip nbar
> ip nbar port-map custom-10 udp 1001
>
> 3) Also, I find only "custom-10" as the only option in match protocol ...
>
> If I have to do this for multiple ports (I know I can match up to 16
> in one custom itself) then do we have some other options?
>
> Thanks in advance
> Gaurav Madan.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
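
The approach discussed in this thread, written out end to end as an added example (not from either poster). The class-map and policy-map names, the interface and the inbound direction are assumptions; the custom-01 slot and UDP port 1434 come from the thread.

```ios
! Added example; DROP-UDP-1434, NBAR-FILTER, FastEthernet0/0 and "input" are assumptions.
! NBAR requires CEF to be enabled.
ip cef
!
! Type the full keyword "custom-01"; "custom-1" is completed to "custom-10".
ip nbar port-map custom-01 udp 1434
!
class-map match-all DROP-UDP-1434
 match protocol custom-01
!
policy-map NBAR-FILTER
 class DROP-UDP-1434
  drop
!
interface FastEthernet0/0
 service-policy input NBAR-FILTER
!
! Verification from exec mode:
!   show ip nbar port-map | include custom      (confirm which slot holds the port)
!   show policy-map interface FastEthernet0/0   (watch the class match and drop counters)
```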


This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:57 ART