Re: MCQ

From: Dale Shaw <dale.shaw_at_gmail.com>
Date: Sat, 2 May 2009 12:43:55 +1000

Hi Ryan

I don't want to put words in Steve's mouth, but perhaps it was an
assumption based on:

 router#sh ip nbar port-map http
 port-map http tcp 80

However, I've confirmed that it works as you've described. I thought
IOS might've been clever enough to map this traffic based on the use
of a http:// URL in the copy command, but I tested the same scenario
where an intermediate router is performing the NBAR-based
classification, and it still picks up non-tcp/80 traffic (I used
tcp/3232) as HTTP.

It's what you'd hope for in a packet inspection engine, anyway, right?
:-) Pretty useless otherwise.

cheers,
Dale

On Sat, May 2, 2009 at 12:23 PM, Ryan West <rwest_at_zyedge.com> wrote:
> Steve,
>
> Not sure what you mean, the reference to www was from the ACL, which is statically set at 80 of course. Match protocol http will crack the packet and match HTTP traffic on any port. No protocol-discovery was enabled on any interfaces either:
>
> class-map match-all HTTP
>  match protocol http
> policy-map QoS
>  class HTTP
>   set ip dscp af21
> interface Serial1/2
>  ip address 10.10.10.3 255.255.255.0
>  clock rate 64000
>  service-policy output QoS
> ip http server
> ip http port 8085
> no ip http secure-server
> ip http path flash:
>
> Router#copy http://10.10.10.3:8085/lab9 null:
>
> r3#s policy-map int
> Serial1/2
>
> Service-policy output: QoS
>
> Class-map: HTTP (match-all)
> 14 packets, 1750 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol http
> QoS Set
> dscp af21
> Packets marked 14
>
> -ryan
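
Added example (not part of either message, and not NBAR's actual engine): a simplified Python sketch contrasting a port-table lookup with a check of the first payload bytes, using the ports mentioned in the thread (80, 8085, 3232). The function names, regexes and sample flows are assumptions constructed for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r\n")
# HTTP/1.x status line: HTTP/1.x SP 3-digit-code SP reason CRLF
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] \d{3} [^\r\n]*\r\n")

# Mirrors the "port-map http tcp 80" output quoted in the thread.
HTTP_PORT_MAP = {80}


def classify_by_port(src_port, dst_port):
    """Port-table classification: HTTP only if either end is a mapped port."""
    return "http" if {src_port, dst_port} & HTTP_PORT_MAP else "unknown"


def classify_by_payload(payload):
    """Payload classification: HTTP if the first bytes parse as HTTP/1.x."""
    if REQUEST_LINE.match(payload) or STATUS_LINE.match(payload):
        return "http"
    return "unknown"


# Constructed sample flows: (src_port, dst_port, first TCP payload bytes).
FLOWS = [
    (51000, 80, b"GET /index.html HTTP/1.1\r\nHost: 10.10.10.3\r\n\r\n"),
    (51001, 8085, b"GET /lab9 HTTP/1.0\r\n\r\n"),
    (3232, 51002, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    (51003, 80, b"SSH-2.0-OpenSSH_5.1\r\n"),  # non-HTTP service on port 80
]


def compare(flows):
    """Return (src, dst, by_port, by_payload) for every flow."""
    return [
        (s, d, classify_by_port(s, d), classify_by_payload(p))
        for s, d, p in flows
    ]


def mismatches(flows):
    """Flows where the port table and the payload check disagree."""
    return [(s, d) for s, d, by_port, by_payload in compare(flows)
            if by_port != by_payload]


if __name__ == "__main__":
    for row in compare(FLOWS):
        print("src=%d dst=%d port-based=%s payload-based=%s" % row)
```

The disagreements run both ways: HTTP on 8085 and 3232 is missed by the port table, and a non-HTTP banner on port 80 is mislabelled by it.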

Received on Sat May 02 2009 - 12:43:55 ART
