From: Shahnawaz Khot (shahnawaz4ccie@gmail.com)
Date: Wed Feb 25 2009 - 09:53:59 ARST
Hello expert,
What is wrong with my following policy if I am applying this in input
direction on a vlan interface.
One class(XYZ) matches url string "/home/xyz" which a user is using to
upload some huge bandwidth files. The idea is to limit him on 32 Kbps.
Another class(XYZ2) is used to limit the bandwidth to access
www.xyz.com website.
class-map match-all XYZ
match protocol http url "/home/xyz*"
class-map match-all XYZ2
match protocol http host "http://www.xyz.com*"
!
!
policy-map XYZ
class XYZ
police cir 32000
class XYZ2
police cir 32000
With this double matching, I did not find any packets matched under this
class whereas users are browsing the site frequently.
CORE-II#show policy-map interface vlan 102
Vlan102
Service-policy input: XYZ
Class-map: XYZ (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http url "/home/xyz*"
Class-map: XYZ2 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http host "http://www.xyz.com*"
Class-map: class-default (match-any)
475483 packets, 93943800 bytes
5 minute offered rate 285000 bps, drop rate 0 bps
Match: any
XYZ is a keyword use to hide the original website address. Please suggest.
Thank you,
Shahnawaz
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:12 ARST