From: Han Solo (emaillists@me.com)
Date: Sat Jan 24 2009 - 13:49:22 ARST
I think it has to do with the "match-all" in the class map I am trying
different things , bottom line with both of the examples posted so far
there is no match. I have a 2851 as internet router at home to try and
test them so I block my wife's stuff when I come home from work it
really is good exercise to get these things down .. Curious why these
one's aren't working ? If you want to jump on and test with me let me
know i will start up a webex
On Jan 24, 2009, at 7:35 AM, Roger RPF wrote:
> Well, I did not try but I guess you would have to use:
>
> match protocol http url "*/ccie"
>
> or
>
> match protocol http url "go/ccie"
>
> if that is the exact url
>
> regards
>
> Roger
>
>
> -----Urspr|ngliche Nachricht-----
> Von: Han Solo [mailto:emaillists@me.com]
> Gesendet: Samstag, 24. Januar 2009 16:30
> An: Wouter Prins
> Cc: Roger RPF; Cisco certification
> Betreff: Re: nbar / http classification question
>
> That doesn't work I tried it
>
> INTERNET#sh policy-map interface g0/0
> GigabitEthernet0/0
>
> Service-policy input: url
>
> Class-map: url (match-all)
> 0 packets, 0 bytes -------> NO MATCHES WHEN GOING TO
> WWW.CISCO.COM/GO/CCIE
> 30 second offered rate 0 bps, drop rate 0 bps
> Match: protocol http host "www.cisco.com"
> Match: protocol http url "/ccie"
> Match: protocol http url "*.gif|*.jpg|*.jpeg"
> drop
>
>
> class-map match-all url
> match protocol http host "www.cisco.com"
> match protocol http url "/ccie"
> match protocol http url "*.gif|*.jpg|*.jpeg"
>
> policy-map url
> class url
> drop
>
>
>
>
> On Jan 24, 2009, at 6:44 AM, Wouter Prins wrote:
>
>> I think:
>>
>> class-map match-all URL
>> match protocol http host www.cisco.com
>> match protocol http url "/ccie"
>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>
>> Would also work
>> Wouter
>>
>> 2009/1/24 Roger RPF <rpf@bluemail.ch>
>>
>>> Hi group,
>>>
>>> Question regarding nbar and the class-maps. If the task tells to
>>> block all
>>> .jpeg and .gif from www.cisco.com/ccie how do you create the class
>>> map? Do
>>> we need to include the hostname part? If I look at the following
>>> link on
>>> the
>>> doccd, they say no:
>>>
>>>
>>>
> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nb
>>>
> ar_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1051880<http://www
> .cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nb
> %0Aar_ps63
> 50_TSD_Products_Configuration_Guide_Chapter.html#wp1051880
>>>>
>>>
>>> But to me, this would mean that we would also block .jpeg and .gif
>>> for the
>>> site www.dontcheat.com/ccie or not?
>>>
>>> My solution:
>>>
>>> class-map match-all URL
>>> match protocol http host www.cisco.com
>>> match protocol http url "/ccie"
>>> match class-map URLCHILD
>>>
>>> class-map match-any URLCHILD
>>> match protocol http url "*.gif*"
>>> match protocol http url "*.jpg*"
>>> match protocol http url "*.jpeg*"
>>>
>>> What do you think?
>>>
>>> thanks
>>>
>>> Roger
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>
> Han Solo
> May the force be with you
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
Han Solo
May the force be with you
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST