From: Huan Pham (Huan.Pham@peopletelecom.com.au)
Date: Thu Sep 11 2008 - 19:38:47 ART
Policy can be done both Inbound or Outbound. This is true no matter if
you use NBAR or ACL to match traffic.
On the other hand, shapping can be done outbound only.
For instance, with a topology like below:
PC ---- R1 ---------- R2 ----- WWW Server
E0 S0 S0 E0
If you want to policy image traffic from the WWW server, you can police
- inbound on R1 Serial interface,
- outbound on R1 Ethernet,
- inbound on R2 Ethernet
- outbound on R2 Serial.
Cheers,
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Igor M.
Sent: Friday, 12 September 2008 5:07 AM
To: Cisco certification
Subject: policing based on nbar
Hi all,
If I want to match on a bunch of mime types in the http request header
and police that kind of traffic - would that have to be an inbound or
outbound policy, or both?
The goal is to limit the rate of downloading the specified image
types...
Like so:
class-map match-all IMAGES
match protocol http mime "*.(gif|jpg|jpeg)"
policy-map NBAR
class IMAGES
police 100000
int e0/0
service-policy input NBAR
----------------------
I.M., M.Eng. P.Eng.
Network Architect
CI Investments
----------------------
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:18 ART