Re: AW: nbar / http classification question

From: Jason Madsen (madsen.jason@gmail.com)
Date: Sat Jan 24 2009 - 14:19:02 ARST

• Next message: Han Solo: "Re: AW: nbar / http classification question"
• Previous message: Jason Madsen: "Re: AW: nbar / http classification question"
• Maybe in reply to: Roger RPF: "AW: nbar / http classification question"
• Next in thread: Han Solo: "Re: AW: nbar / http classification question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I guess URL matching for the JPEG part should be fine too though...either
way.

On Sat, Jan 24, 2009 at 9:15 AM, Jason Madsen <madsen.jason@gmail.com>wrote:

> I recommend you guys try just using URL for your URL match, rather than
> host and either put the entire URL string in your match statement or else
> use asterisks. For your image matching, I recommend you guys try matching
> JPEG via. http mime, rather than URL.
>
> Jason
>
>
> On Sat, Jan 24, 2009 at 9:08 AM, Han Solo <emaillists@me.com> wrote:
>
>> For some reason I get hit and miss results when matching on various "match
>> protocol http host" types but this one works
>>
>> INTERNET(config-cmap)#do show policy-map int g0/0
>> GigabitEthernet0/0
>>
>> Service-policy input: url
>>
>> Class-map: url (match-all)
>> 102 packets, 67994 bytes
>> 30 second offered rate 9000 bps, drop rate 9000 bps
>> Match: protocol http
>> drop
>>
>>
>>
>>
>>
>>
>>
>>
>> On Jan 24, 2009, at 7:52 AM, Han Solo wrote:
>>
>> lass Map match-all url (id 6)
>>> Match protocol http url "*.gif|*.jpg|*.jpeg"
>>> Match protocol http url "*/ccie*"
>>> Match protocol http host "http://www.cisco.com/"
>>>
>>> INTERNET#
>>> INTERNET#sh policy-map int g0/0
>>> GigabitEthernet0/0
>>>
>>> Service-policy input: url
>>>
>>> Class-map: url (match-all)
>>> 0 packets, 0 bytes
>>> 30 second offered rate 0 bps, drop rate 0 bps
>>> Match: protocol http url "*.gif|*.jpg|*.jpeg"
>>> Match: protocol http url "*/ccie*"
>>> Match: protocol http host "http://www.cisco.com/"
>>> drop
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Jan 24, 2009, at 7:49 AM, Han Solo wrote:
>>>
>>> I think it has to do with the "match-all" in the class map I am trying
>>>> different things , bottom line with both of the examples posted so far there
>>>> is no match. I have a 2851 as internet router at home to try and test them
>>>> so I block my wife's stuff when I come home from work it really is good
>>>> exercise to get these things down .. Curious why these one's aren't working
>>>> ? If you want to jump on and test with me let me know i will start up a
>>>> webex
>>>>
>>>>
>>>> On Jan 24, 2009, at 7:35 AM, Roger RPF wrote:
>>>>
>>>> Well, I did not try but I guess you would have to use:
>>>>>
>>>>> match protocol http url "*/ccie"
>>>>>
>>>>> or
>>>>>
>>>>> match protocol http url "go/ccie"
>>>>>
>>>>> if that is the exact url
>>>>>
>>>>> regards
>>>>>
>>>>> Roger
>>>>>
>>>>>
>>>>> -----Urspr|ngliche Nachricht-----
>>>>> Von: Han Solo [mailto:emaillists@me.com]
>>>>> Gesendet: Samstag, 24. Januar 2009 16:30
>>>>> An: Wouter Prins
>>>>> Cc: Roger RPF; Cisco certification
>>>>> Betreff: Re: nbar / http classification question
>>>>>
>>>>> That doesn't work I tried it
>>>>>
>>>>> INTERNET#sh policy-map interface g0/0
>>>>> GigabitEthernet0/0
>>>>>
>>>>> Service-policy input: url
>>>>>
>>>>> Class-map: url (match-all)
>>>>> 0 packets, 0 bytes -------> NO MATCHES WHEN GOING TO
>>>>> WWW.CISCO.COM/GO/CCIE
>>>>> 30 second offered rate 0 bps, drop rate 0 bps
>>>>> Match: protocol http host "www.cisco.com"
>>>>> Match: protocol http url "/ccie"
>>>>> Match: protocol http url "*.gif|*.jpg|*.jpeg"
>>>>> drop
>>>>>
>>>>>
>>>>> class-map match-all url
>>>>> match protocol http host "www.cisco.com"
>>>>> match protocol http url "/ccie"
>>>>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>>>>
>>>>> policy-map url
>>>>> class url
>>>>> drop
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Jan 24, 2009, at 6:44 AM, Wouter Prins wrote:
>>>>>
>>>>> I think:
>>>>>>
>>>>>> class-map match-all URL
>>>>>> match protocol http host www.cisco.com
>>>>>> match protocol http url "/ccie"
>>>>>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>>>>>
>>>>>> Would also work
>>>>>> Wouter
>>>>>>
>>>>>> 2009/1/24 Roger RPF <rpf@bluemail.ch>
>>>>>>
>>>>>> Hi group,
>>>>>>>
>>>>>>> Question regarding nbar and the class-maps. If the task tells to
>>>>>>> block all
>>>>>>> .jpeg and .gif from www.cisco.com/ccie how do you create the class
>>>>>>> map? Do
>>>>>>> we need to include the hostname part? If I look at the following
>>>>>>> link on
>>>>>>> the
>>>>>>> doccd, they say no:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nb
>>>>>
>>>>>>
>>>>>>> ar_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1051880<
>>>>> http://www
>>>>> .cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nb
>>>>> %0Aar_ps63
>>>>> 50_TSD_Products_Configuration_Guide_Chapter.html#wp1051880
>>>>>
>>>>>>
>>>>>>>>
>>>>>>> But to me, this would mean that we would also block .jpeg and .gif
>>>>>>> for the
>>>>>>> site www.dontcheat.com/ccie or not?
>>>>>>>
>>>>>>> My solution:
>>>>>>>
>>>>>>> class-map match-all URL
>>>>>>> match protocol http host www.cisco.com
>>>>>>> match protocol http url "/ccie"
>>>>>>> match class-map URLCHILD
>>>>>>>
>>>>>>> class-map match-any URLCHILD
>>>>>>> match protocol http url "*.gif*"
>>>>>>> match protocol http url "*.jpg*"
>>>>>>> match protocol http url "*.jpeg*"
>>>>>>>
>>>>>>> What do you think?
>>>>>>>
>>>>>>> thanks
>>>>>>>
>>>>>>> Roger
>>>>>>>
>>>>>>>
>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________________________________
>>>>>>> Subscription information may be found at:
>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>
>>>>>>
>>>>>>
>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>
>>>>>>
>>>>>> _______________________________________________________________________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> Han Solo
>>>>> May the force be with you
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> Han Solo
>>>> May the force be with you
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>> Han Solo
>>> May the force be with you
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>> Han Solo
>> May the force be with you
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Han Solo: "Re: AW: nbar / http classification question"
• Previous message: Jason Madsen: "Re: AW: nbar / http classification question"
• Maybe in reply to: Roger RPF: "AW: nbar / http classification question"
• Next in thread: Han Solo: "Re: AW: nbar / http classification question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST