From: sirus MOGHADASIAN (cyrus.mgh@gmail.com)
Date: Sat Sep 13 2008 - 06:50:44 ART
Hi,
It's not matter of sub-interface. If u have multiple classes and u already
applied some police or shaping per class and also u want to restrict overall
traffic on all of this classes then u have to nest your first policy-map to
later one.
HTH,
On Sat, Sep 13, 2008 at 7:44 PM, Ali Mousawi <mousawi.ali@gmail.com> wrote:
> Thanks alot for this extensive explanation.
>
> You said we cannot apply mode than one policy per interface per direction
> but cant we use nested policies? As I know with sub interfaces we must use
> nested policies when we have any queing mechanism...correct me if am wrong
>
> Regards
> Ali
>
> On Sat, Sep 13, 2008 at 2:32 AM, sirus MOGHADASIAN <cyrus.mgh@gmail.com>wrote:
>
>> Hi Ali,
>>
>> First off, your class map is "match-all" so u match only if u have gif and
>> jpg and jpeg at a same time!!
>>
>> So u need to do it in "OR" base, u could change either class-map type to
>> "match-any" or your matching strategy.(yours not gonna work)
>>
>> Second , you need to match base on "URL" not mime, since if u would match
>> "JPEG" mime ,your configuration would be
>>
>> " match protocol http mime image/Jpeg" and this would match all
>> jpeg,jpg,jpe,jfif,pjpeg, and pjp types.
>>
>> Also u could not say " match protocol http mime image/Jpg" , Jpg is not a
>> mime type.
>>
>> So u need to have statement like this " match protocol http url
>> "*JPG|*GIF|*JPEG" .
>> or if u want to match them separately u have to use "match-any" class-map
>> type.
>>
>> Third, u can only apply "ONE" policy map per direction to intrface, so you
>> should do it this way:
>>
>> Class-map IMAGE match-all
>> match protocol http url "*JPG|*GIF|JPEG"
>> match protocol url "www.youtube.com"
>>
>> Class-map URL match-all
>> match protocol url "www.youtube.com"
>>
>>
>> Policy-map RESTRICT
>> class URL
>> police 115000
>> class IMAGE
>> drop
>>
>> your current configuration means you police class URL and class IMAGE
>> which was already dropped by 115000!!!
>> Although it may work but I prefer to separate class maps.
>>
>> Forth, u should apply it inbound.
>>
>> HTH,
>>
>>
>> On Sat, Sep 13, 2008 at 6:25 AM, Ali Mousawi <mousawi.ali@gmail.com>wrote:
>>
>>> Hello,
>>>
>>> Task: Police Traffic from www.youtube.com to 512000kbp and drop all
>>> images
>>> (jpeg,jpg or gif) from this website.
>>>
>>> My Solution is:
>>>
>>> ###########################
>>> class-map URL
>>> match protocol http url www.youtube.com
>>>
>>> class-map IMAGES
>>> match protocol http mime "*jpg"
>>> match protocol http mime "*jpeg"
>>> match protocol http mime "*gif"
>>>
>>> policy-map DROP_IMAGES
>>> class IMAGES
>>> drop
>>>
>>> policy-map POLICE
>>> class URL
>>> police 512000
>>> service-policy DROP_IMAGES
>>> ###############################
>>>
>>> Any comments on the above solution?
>>> How can I test if this solution is working?
>>>
>>> Regards
>>> Ali
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Sirus Moghadasian
>> CCIE #21862 (R&S)
>>
>
>
-- Sirus Moghadasian CCIE #21862 (R&S)Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:18 ART