Re: need help on NBAR

From: Abdul Muhammed <abdulmuri_at_gmail.com>
Date: Tue, 2 Jun 2009 18:00:13 +0100

Hi,
here is the sh run

!
!
!
!
!
!
!
class-map match-any downloader
 match protocol http url "*.googlevideo.*"
 match protocol http url "*.mediafire.*"
 match protocol http url "*.rapidshare.*"
 match protocol http url "*.tube8.*"
 match protocol http url "www.4shared.com"
 match protocol http url "www.youtube.com"
 match protocol http url "www.rapidshare.com"
 match protocol http url "www.facebook.com"
 match protocol http url "*.facebook.com"
 match protocol http url "*.mediafire.com"
 match protocol http url "*.4shared.*"
 match protocol http url "*.facebook.*"
 match protocol http url "http://www.facebook.com"
 match protocol http url "http://video.google.com/"
 match protocol http url "video.google.com"
class-map match-any downloader2
 match protocol http mime "*.youtube.*"
class-map match-any p2p
 match protocol napster
 match protocol vdolive
 match protocol kazaa2 file-transfer "*"
 match protocol gnutella file-transfer "*"
 match protocol edonkey
 match protocol fasttrack file-transfer "*"
 match protocol finger
 match protocol bittorrent
!
!
policy-map policy1
  class downloader
   drop
  class p2p
   drop
  class downloader2
   drop
!
!
!
bridge irb
!
!
!
!
interface GigabitEthernet0/1
 description * Netcom-2 *
 ip address 196.220.22.200 255.255.255.128
 duplex full
 speed auto
 media-type rj45
 negotiation auto
!
interface FastEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description * SkyPower *
 ip address 217.20.253.90 255.255.255.248
 ip nbar protocol-discovery
 no ip route-cache cef
 duplex full
 speed auto
 media-type rj45
 negotiation auto
 service-policy input policy1
 service-policy output policy1
!

AUNRouter(config-cmap)#do sh policy-map int g0/2
 GigabitEthernet0/2
  Service-policy input: policy1
    Class-map: downloader (match-any)
      4815 packets, 929146 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http url "*.googlevideo.*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.mediafire.*"
        20 packets, 3729 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.rapidshare.*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.tube8.*"
        1 packets, 60 bytes
        5 minute rate 0 bps
      Match: protocol http url "www.4shared.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "www.youtube.com"
       0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "www.rapidshare.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "www.facebook.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.facebook.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.mediafire.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.4shared.*"
        4 packets, 647 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.facebook.*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "http://www.facebook.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "http://video.google.com/"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "video.google.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      drop
    Class-map: p2p (match-any)
      1003 packets, 264636 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol napster
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol vdolive
        236 packets, 14922 bytes
        5 minute rate 0 bps
      Match: protocol kazaa2 file-transfer "*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol gnutella file-transfer "*"
        0 packets, 0 bytes
        5 minute rate 0 bps
       Match: protocol edonkey
        762 packets, 243916 bytes
        5 minute rate 0 bps
      Match: protocol fasttrack file-transfer "*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol finger
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol bittorrent
        0 packets, 0 bytes
        5 minute rate 0 bps
      drop
    Class-map: downloader2 (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http mime "*.youtube.*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      drop
    Class-map: class-default (match-any)
      63293966 packets, 60160389661 bytes
      5 minute offered rate 31000 bps, drop rate 0 bps
      Match: any
  Service-policy output: policy1
    Class-map: downloader (match-any)
      34184 packets, 10706970 bytes
      5 minute offered rate 1000 bps, drop rate 1000 bps
      Match: protocol http url "*.googlevideo.*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.mediafire.*"
        81 packets, 41406 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.rapidshare.*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.tube8.*"
        5 packets, 3532 bytes
        5 minute rate 0 bps
      Match: protocol http url "www.4shared.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "www.youtube.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "www.rapidshare.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "www.facebook.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.facebook.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.mediafire.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.4shared.*"
        37 packets, 15862 bytes
        5 minute rate 1000 bps
      Match: protocol http url "*.facebook.*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "http://www.facebook.com"
       0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "http://video.google.com/"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "video.google.com"
        0 packets, 0 bytes
        5 minute rate 0 bps
      drop
    Class-map: p2p (match-any)
      3 packets, 186 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol napster
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol vdolive
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol kazaa2 file-transfer "*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol gnutella file-transfer "*"
       0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol edonkey
        2 packets, 124 bytes
        5 minute rate 0 bps
      Match: protocol fasttrack file-transfer "*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol finger
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol bittorrent
        0 packets, 0 bytes
        5 minute rate 0 bps
      drop
    Class-map: downloader2 (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http mime "*.youtube.*"
        0 packets, 0 bytes
        5 minute rate 0 bps
      drop
    Class-map: class-default (match-any)
      51002710 packets, 6845196260 bytes
      5 minute offered rate 2000 bps, drop rate 0 bps
      Match: any
AUNRouter(config-cmap)#

thanks

On Tue, Jun 2, 2009 at 4:51 PM, muhammad adnan <taurusadnan19_at_gmail.com> wrote:

> Can you post sh run with the concerned commands? This can be helpful to us.
>
>
> thanks
>
> On Tue, Jun 2, 2009 at 6:57 PM, Abdul Muhammed <abdulmuri_at_gmail.com> wrote:
>
>> Hi,
>>
>> I initially configured the class-map matching all the URLs and the
>> protocols, defined my policy-map with action drop, and applied it for both
>> inbound and outbound on the WAN interface. Still, it matches and there
>> was no drop action.
>>
>> Then I decided to implement policing to drop all the packets, but it is
>> still the same thing.
>>
>> I hope policy-based routing does not have an effect on NBAR, as I have
>> policy-based routing on the interface.
>>
>>
>> Thanks
>>
>> On Tue, Jun 2, 2009 at 1:49 PM, Ryan West <rwest_at_zyedge.com> wrote:
>>
>> > Abdul,
>> >
>> > Without reference to which direction your flow is, I would say that you're
>> > policing your requests and not the return traffic from those sites. If you
>> > want an atomic drop of the outgoing request to that site, you should use
>> > drop in favor of policing or apply a mark to the packet and drop it with an
>> > egress ACL.
>> >
>> > -ryan
>> >
>> > -----Original Message-----
>> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> > Abdul Muhammed
>> > Sent: Tuesday, June 02, 2009 3:49 AM
>> > To: Cisco certification
>> > Subject: need help on NBAR
>> >
>> > Hi,
>> >
>> > I configured NBAR on a 7200 series router to drop some unwanted traffic
>> > from sites like rapidshare, mediafire and others, but it matches the
>> > traffic, but the drop ratio is zero (no dropping).
>> > Below is a result of my show policy-map int g0/2.
>> >
>> > Please, why is it not dropping the packets?
>> >
>> > sh policy-map int g0/2
>> > GigabitEthernet0/2
>> >
>> > Service-policy input: policy1
>> >
>> > Class-map: downloader (match-any)
>> > 31 packets, 6418 bytes
>> > 5 minute offered rate 0 bps, drop rate 0 bps
>> > Match: protocol http url "*.4shared"
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol http url "*youtube*"
>> > 31 packets, 6418 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol http url "*.googlevideo.*"
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol http url "*googlevideo*"
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol http url "*.mediafire.*"
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol http url "*mediafire*"
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol http url "*rapidshare*"
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol http url "*.rapidshare.*"
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol http url "*.tube8.*"
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol http url "*tube8*"
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > police:
>> > cir 8000 bps, bc 1500 bytes
>> > conformed 13 packets, 790 bytes; actions:
>> > drop
>> > exceeded 0 packets, 0 bytes; actions:
>> > drop
>> > conformed 0 bps, exceed 0 bps
>> >
>> > Class-map: p2p (match-any)
>> > 5 packets, 5798 bytes
>> > 5 minute offered rate 0 bps, drop rate 0 bps
>> > Match: protocol edonkey
>> > 5 packets, 5798 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol fasttrack
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol finger
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol kazaa2
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol bittorrent
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol gnutella
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol napster
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol vdolive
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > police:
>> > cir 8000 bps, bc 1500 bytes
>> > conformed 1 packets, 1434 bytes; actions:
>> > drop
>> > exceeded 0 packets, 0 bytes; actions:
>> > drop
>> > conformed 0 bps, exceed 0 bps
>> >
>> > Class-map: class-default (match-any)
>> > 413369 packets, 396012906 bytes
>> > 5 minute offered rate 1786000 bps, drop rate 0 bps
>> > Match: any
>> >
>> > --
>> > Cherish your visions and your dreams as they are the children of your soul,
>> > the blueprints of your ultimate achievements. "Napoleon Hill"
>> >
>> > There are no limitations to the mind except those we acknowledge; both
>> > poverty and riches are the offspring of thought. "Napoleon Hill"
>> >
>> > Abdul Muhammed Murtala
>> > American University of Nigeria
>> > Lamido Zubairu way, Yola
>> > Adamawa
>> > +2348052001153, +2348056201237
>> >
>> > Network Manager
>> > MCSE,MCDBA,MCSA,OCPDBA,CCNA,CCIE Written.
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>

Received on Tue Jun 02 2009 - 18:00:13 ART
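
Ryan West's suggestion quoted above (apply a mark to the matched traffic, then drop it with an egress ACL), sketched as an added IOS configuration example that is not part of the original thread. The policy-map name mark-unwanted, ACL number 105, DSCP value 1 and the LAN-facing interface placeholder are assumptions; the class-map names and match patterns are taken from the posted configuration.

```cisco
! Added example, not from the thread.
! Assumed names: policy-map mark-unwanted, ACL 105, DSCP 1,
! and the placeholder <LAN-facing interface>.
!
! Classify with class-maps as posted in the thread (abbreviated here)
class-map match-any downloader
 match protocol http url "*.rapidshare.*"
 match protocol http url "*.mediafire.*"
class-map match-any p2p
 match protocol edonkey
 match protocol bittorrent
!
! Mark the matched traffic instead of policing it.
! DSCP 1 is assumed to be unused by any legitimate traffic on this network.
policy-map mark-unwanted
 class downloader
  set ip dscp 1
 class p2p
  set ip dscp 1
!
! Mark on ingress, where the outgoing client requests enter the router
interface <LAN-facing interface>
 service-policy input mark-unwanted
!
! Drop anything carrying the mark as it leaves toward the WAN
access-list 105 deny ip any any dscp 1
access-list 105 permit ip any any
!
interface GigabitEthernet0/2
 ip access-group 105 out
```

The hit counter on the deny entry in `show access-lists 105` shows whether marked packets are actually being dropped on egress.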

This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:36 ART