Re: IP NBAR port-map

From: dara tomar (wish2ie@gmail.com)
Date: Wed Jul 30 2008 - 05:09:32 ART


Yes Gaurav,

That's the destination port that you are using to match the traffic
specifically.

You can use "#show ip nbar port-map" to see the mappings that are in
there by default and that have been added by you.

Thanks,
Dara
On Tue, Jul 29, 2008 at 1:41 PM, GAURAV MADAN <gauravmadan1177@gmail.com> wrote:

> Hi Marvin
>
> Thanks for the explanation.
> My bad .. I didn't figure out the 01 and 10 stuff ..
>
> Is the port number included in the CLI (UDP port no.) the dest. port number?
>
> Gaurav Madan.
>
> On Tue, Jul 29, 2008 at 1:23 PM, Marvin Greenlee <mgreenlee@ipexpert.com>
> wrote:
> > The router will complete an unfinished command.
> >
> > "ip nbar port-map custom-1"
> > Completes to
> > "ip nbar port-map custom-10"
> >
> > If you want to use the custom 1, you need to specify "ip nbar port-map
> > custom-01", not "custom-1". I think that missing the zero is causing your
> > problem.
> >
> > Regarding class-maps, it will allow you to match any that you have defined.
> > If 10 is the only one that you have defined, that is all that will show up
> > for "match protocol".
> >
> > Router(config)#do show ip nbar port-map | i custom
> > port-map custom-01 udp 12345
> > port-map custom-02 udp 1333
> > port-map custom-10 udp 12344
> > Router(config)#class-map test
> > Router(config-cmap)#match prot cust?
> > custom-01 custom-02 custom-10
> >
> >
> > Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
> > Senior Technical Instructor - IPexpert, Inc.
> > Telephone: +1.810.326.1444
> > Fax: +1.810.454.0130
> > Mailto: mgreenlee@ipexpert.com
> >
> > Progress or excuses, which one are you making?
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > GAURAV MADAN
> > Sent: Tuesday, July 29, 2008 2:57 AM
> > To: Cisco certification
> > Subject: IP NBAR port-map
> >
> > Hi Group
> >
> > I wanted a small clarification:
> >
> > If my requirement says "I have to deny UDP packets going to dest port
> > 1434" and I am not supposed to use the ACL for it.
> >
> > I plan to do this as :
> >
> > Rack1R5(config)#do sh run | inc ip nb
> > ip nbar port-map custom-10 udp 1434
> >
> > Then I will match this in class-map " match protocol custom-10 " and
> > finally drop in policy-map .
> >
> > Am I correct in my approach ?
> >
> > Question
> > ***********
> > 1) Is this UDP port number that I specify the dest port number?
> > 2) When I give :
> >
> > Rack1R5(config)#ip nbar port-map ?
> >
> > custom-01 Custom protocol custom-01
> > custom-02 Custom protocol custom-02
> > custom-03 Custom protocol custom-03
> > custom-04 Custom protocol custom-04
> > custom-05 Custom protocol custom-05
> > custom-06 Custom protocol custom-06
> > custom-07 Custom protocol custom-07
> > custom-08 Custom protocol custom-08
> > custom-09 Custom protocol custom-09
> > custom-10 Custom protocol custom-10
> >
> > Whatever I choose ; I get that configured as custom-10
> >
> > Rack1R5(config)#ip nbar port-map custom-1 udp 1001
> > Rack1R5(config)#do sh run | inc ip nbar
> > ip nbar port-map custom-10 udp 1001
> >
> > 3) Also ; I find only "custom-10" as only option in match protocol ....
> >
> > If I have to do this for multiple ports (I know I can match up to 16
> > in one custom itself) then do we have some other options?
> >
> > Thanks in advance
> > Gaurav Madan.
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>




This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:58 ART
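
The approach discussed in this thread, written out end to end as an added example (not configuration posted by any of the participants). The class-map and policy-map names and the interface are assumptions; the port-map slot is typed in full as "custom-01" so the parser does not complete it to custom-10.

```cisco
! Added example. UDP-1434, DROP-UDP-1434 and FastEthernet0/0 are assumed names.
!
! 1. Bind UDP port 1434 to a custom NBAR slot.
!    Type the full slot name: "custom-1" is completed to "custom-10".
ip nbar port-map custom-01 udp 1434
!
! 2. Classify on the custom protocol instead of an ACL.
class-map match-all UDP-1434
 match protocol custom-01
!
! 3. Drop the classified traffic in the policy.
policy-map DROP-UDP-1434
 class UDP-1434
  drop
!
! 4. Attach the policy to the interface where the traffic arrives.
interface FastEthernet0/0
 service-policy input DROP-UDP-1434
!
! Verification (exec mode):
!   show ip nbar port-map | include custom
!   show policy-map interface FastEthernet0/0
```

Check the first verification command before building the class-map: if the mapping shows up under custom-10 instead of custom-01, the slot name was abbreviated when it was entered.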