From: sushil menon (sushilmenon2001@gmail.com)
Date: Wed Feb 11 2009 - 13:05:25 ARST
Hi Edward,

By default, CBAC will only inspect on the standard ports defined for the
applications by IANA, like HTTP on port 80 and SMTP on port 25 and so
on. But you might be running HTTP on different ports, like 8080 in your
case.

First, where does CBAC get the information for the ports associated
with their respective applications? This is done with the help of the
port-map. The port-map is a table binding the ports to their respective
applications.

You can use the command
show ip port-map
It will show the default ports bound to applications.
show ip port-map http will show which port HTTP is bound to, so when CBAC
does inspection for the HTTP protocol it inspects all the traffic going
on port 80.

So if you want CBAC to do HTTP inspection on port 8080, you will
need to add that port binding to the port-map table.
Here is how you add it:
ip port-map http port 8080
Now try
show ip port-map http
It will show you that HTTP is bound on both ports, 8080 as well as the
standard port 80.
So when you inspect HTTP,
it will look at all the traffic going on port 80 as well as port 8080.

I hope this solves your query. Read the documentation for CBAC where
it talks about port-map; it will give you a clear picture.
Regards
Sushil
On 2/11/09, Edouard Zorrilla <ezorrilla@tsf.com.pe> wrote:
> Hello,
>
> Has anyone set up:
>
> (config)#ip inspect name ccie-inspect http,
>
> on a non-standard TCP port, like 8080 for instance? How?
>
> Thanks a lot.
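
The port-map lookup described in the reply, as an added example that is not part of the original thread: a simplified Python model that reads `ip port-map` and `ip inspect name` lines from a config and lists the services an inspection rule would not cover at the application layer. The function names, the constructed config strings and the service list are assumptions; only the HTTP/80 and SMTP/25 defaults come from the post.

```python
import re

# System-defined defaults named in the post (IANA standard ports).
SYSTEM_DEFAULTS = {"http": {80}, "smtp": {25}}

# Only the command forms shown in the thread are recognised.
PORT_MAP_RE = re.compile(r"^\s*ip port-map (\S+) port (\d+)\s*$")
INSPECT_RE = re.compile(r"^\s*ip inspect name (\S+) (\S+)")


def build_port_map(config_text):
    """Return {application: set(ports)}: defaults plus user-defined bindings."""
    table = {app: set(ports) for app, ports in SYSTEM_DEFAULTS.items()}
    for line in config_text.splitlines():
        m = PORT_MAP_RE.match(line)
        if m:
            table.setdefault(m.group(1), set()).add(int(m.group(2)))
    return table


def inspected_apps(config_text, rule):
    """Return the applications listed under one named inspection rule."""
    apps = set()
    for line in config_text.splitlines():
        m = INSPECT_RE.match(line)
        if m and m.group(1) == rule:
            apps.add(m.group(2))
    return apps


def uninspected_services(config_text, rule, services):
    """services: (app, port) pairs in use. Return the ones the rule misses,
    either because the app is not in the rule or the port is not bound to it."""
    table = build_port_map(config_text)
    apps = inspected_apps(config_text, rule)
    return [(app, port) for app, port in services
            if app not in apps or port not in table.get(app, set())]


# Constructed sample input: the rule from the question, before and after
# adding the binding from the reply.
BEFORE = "ip inspect name ccie-inspect http\n"
AFTER = BEFORE + "ip port-map http port 8080\n"
SERVICES = [("http", 80), ("http", 8080), ("smtp", 25)]

if __name__ == "__main__":
    print("before:", uninspected_services(BEFORE, "ccie-inspect", SERVICES))
    print("after: ", uninspected_services(AFTER, "ccie-inspect", SERVICES))
```

SMTP stays in the result after the fix because the sample rule only names `http`; a port binding alone does not add a protocol to an inspection rule.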