Re: AW: nbar / http classification question

From: Han Solo (emaillists@me.com)
Date: Sat Jan 24 2009 - 14:08:53 ARST


For some reason I get hit-and-miss results when matching on various
"match protocol http host" types, but this one works:

INTERNET(config-cmap)#do show policy-map int g0/0
  GigabitEthernet0/0

   Service-policy input: url

     Class-map: url (match-all)
       102 packets, 67994 bytes
       30 second offered rate 9000 bps, drop rate 9000 bps
       Match: protocol http
       drop

On Jan 24, 2009, at 7:52 AM, Han Solo wrote:

> Class Map match-all url (id 6)
> Match protocol http url "*.gif|*.jpg|*.jpeg"
> Match protocol http url "*/ccie*"
> Match protocol http host "http://www.cisco.com/"
>
> INTERNET#
> INTERNET#sh policy-map int g0/0
> GigabitEthernet0/0
>
> Service-policy input: url
>
> Class-map: url (match-all)
> 0 packets, 0 bytes
> 30 second offered rate 0 bps, drop rate 0 bps
> Match: protocol http url "*.gif|*.jpg|*.jpeg"
> Match: protocol http url "*/ccie*"
> Match: protocol http host "http://www.cisco.com/"
> drop
>
> On Jan 24, 2009, at 7:49 AM, Han Solo wrote:
>
>> I think it has to do with the "match-all" in the class map. I am
>> trying different things; bottom line, with both of the examples
>> posted so far there is no match. I have a 2851 as internet router
>> at home to try and test them, so I block my wife's stuff when I come
>> home from work. It really is good exercise to get these things
>> down. Curious why these ones aren't working? If you want to
>> jump on and test with me, let me know; I will start up a WebEx.
>>
>>
>> On Jan 24, 2009, at 7:35 AM, Roger RPF wrote:
>>
>>> Well, I did not try but I guess you would have to use:
>>>
>>> match protocol http url "*/ccie"
>>>
>>> or
>>>
>>> match protocol http url "go/ccie"
>>>
>>> if that is the exact url
>>>
>>> regards
>>>
>>> Roger
>>>
>>>
>>> -----Original Message-----
>>> From: Han Solo [mailto:emaillists@me.com]
>>> Sent: Saturday, January 24, 2009 16:30
>>> To: Wouter Prins
>>> Cc: Roger RPF; Cisco certification
>>> Subject: Re: nbar / http classification question
>>>
>>> That doesn't work; I tried it.
>>>
>>> INTERNET#sh policy-map interface g0/0
>>> GigabitEthernet0/0
>>>
>>> Service-policy input: url
>>>
>>> Class-map: url (match-all)
>>> 0 packets, 0 bytes -------> NO MATCHES WHEN GOING TO
>>> WWW.CISCO.COM/GO/CCIE
>>> 30 second offered rate 0 bps, drop rate 0 bps
>>> Match: protocol http host "www.cisco.com"
>>> Match: protocol http url "/ccie"
>>> Match: protocol http url "*.gif|*.jpg|*.jpeg"
>>> drop
>>>
>>>
>>> class-map match-all url
>>> match protocol http host "www.cisco.com"
>>> match protocol http url "/ccie"
>>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>>
>>> policy-map url
>>> class url
>>> drop
>>>
>>>
>>>
>>>
>>> On Jan 24, 2009, at 6:44 AM, Wouter Prins wrote:
>>>
>>>> I think:
>>>>
>>>> class-map match-all URL
>>>> match protocol http host www.cisco.com
>>>> match protocol http url "/ccie"
>>>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>>>
>>>> Would also work
>>>> Wouter
>>>>
>>>> 2009/1/24 Roger RPF <rpf@bluemail.ch>
>>>>
>>>>> Hi group,
>>>>>
>>>>> Question regarding nbar and the class-maps. If the task tells us to block all
>>>>> .jpeg and .gif from www.cisco.com/ccie how do you create the class map? Do
>>>>> we need to include the hostname part? If I look at the following link on the
>>>>> doccd, they say no:
>>>>>
>>>>> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nbar_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1051880
>>>>>
>>>>> But to me, this would mean that we would also block .jpeg and .gif for the
>>>>> site www.dontcheat.com/ccie or not?
>>>>>
>>>>> My solution:
>>>>>
>>>>> class-map match-all URL
>>>>> match protocol http host www.cisco.com
>>>>> match protocol http url "/ccie"
>>>>> match class-map URLCHILD
>>>>>
>>>>> class-map match-any URLCHILD
>>>>> match protocol http url "*.gif*"
>>>>> match protocol http url "*.jpg*"
>>>>> match protocol http url "*.jpeg*"
>>>>>
>>>>> What do you think?
>>>>>
>>>>> thanks
>>>>>
>>>>> Roger
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>> Han Solo
>>> May the force be with you
>>
>> Han Solo
>> May the force be with you
>
> Han Solo
> May the force be with you

Han Solo
May the force be with you
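
Added example, not part of the original thread and not Cisco code: a small Python model of the class-map logic debated above, run over constructed requests to show which combinations of match lines classify which traffic. It assumes `*` is a wildcard and `|` an alternation, that a pattern must cover the whole field, and that the host field holds only the hostname (as in an HTTP Host header); all function and class names are hypothetical, and this is a logic model, not a reimplementation of NBAR.

```python
import re

def nbar_glob(pattern):
    # Simplified pattern model: '*' = any run of characters, '|' = alternatives.
    alts = [".*".join(re.escape(p) for p in alt.split("*"))
            for alt in pattern.split("|")]
    return re.compile("(?:" + "|".join(alts) + ")", re.IGNORECASE)

def crit(field, pattern):
    # One "match protocol http <field> <pattern>" line.
    # Assumption: the pattern has to match the entire field.
    rx = nbar_glob(pattern)
    return lambda req: rx.fullmatch(req[field]) is not None

def match_all(*crits):   # class-map match-all: every line must match
    return lambda req: all(c(req) for c in crits)

def match_any(*crits):   # class-map match-any: one matching line is enough
    return lambda req: any(c(req) for c in crits)

IMAGES = "*.gif|*.jpg|*.jpeg"
CCIE = crit("url", "*/ccie*")
CLASSES = {
    # URL criteria only, no host line (the reading of the doccd in the thread)
    "url_only": match_all(CCIE, crit("url", IMAGES)),
    # Flat match-all with a bare hostname
    "flat_with_host": match_all(crit("host", "www.cisco.com"), CCIE,
                                crit("url", IMAGES)),
    # Parent match-all that references a match-any child class
    "nested_child": match_all(crit("host", "www.cisco.com"), CCIE,
                              match_any(crit("url", "*.gif*"),
                                        crit("url", "*.jpg*"),
                                        crit("url", "*.jpeg*"))),
    # Host pattern written as a full URL with scheme and trailing slash
    "scheme_in_host": match_all(crit("host", "http://www.cisco.com/"), CCIE,
                                crit("url", IMAGES)),
}

# Constructed sample requests (Host header value + request path).
REQUESTS = [
    {"host": "www.cisco.com", "url": "/go/ccie"},
    {"host": "www.cisco.com", "url": "/ccie/logo.gif"},
    {"host": "www.dontcheat.com", "url": "/ccie/photo.jpeg"},
    {"host": "www.cisco.com", "url": "/index.html"},
]

def hits(name):
    return [r["host"] + r["url"] for r in REQUESTS if CLASSES[name](r)]

if __name__ == "__main__":
    for name in CLASSES:
        print(f"{name:15} -> {hits(name)}")
```

In this model a request for the page `/go/ccie` itself never satisfies a match-all class that also requires an image extension, so only image fetches would move the packet counters.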


This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST