From: Ivan Walker (ivan@itpro.co.nz)
Date: Mon Feb 23 2009 - 23:14:07 ARST
I think I will have to lab this one up to test. As this has been quite a
popular topic without a valid confirmed answer. A few have stated that
return traffic associated with the request is also matched but so far I
fail to comprehend how out matching and policing outbound to a web
server will magically enable policing inbound for reply traffic from
that web server. If this was the case what would happen if there was an
existing inbound policy in place that conflicts?
Ivan
Dale Shaw wrote:
> Hi,
>
> On Tue, Feb 24, 2009 at 9:51 AM, mahmoud genidy <ccie.mahmoud@gmail.com> wrote:
>
>> Ok, now how we can match the traffic coming from SPECIFIC web-server
>> (Server->Client) if I can't match based on HOST and URL?
>> Of course assuming I don't have the IP address of the web-server.
>>
>
> If you classify the traffic using 'match protocol http host' or 'match
> protocol http url' in a service-policy applied OUT (i.e. catching the
> HTTP GET), the return traffic associated with the original outbound
> request is matched also -- i.e. the web server's response to the
> original request.
>
> The direction of the traffic you classify doesn't _really_ matter.
> This is (very) briefly explained in either the config guide or command
> reference (I forget which).
>
> cheers,
> Dale
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:12 ARST