I know in previous IOS releases NBAR protocol discovery had to be
enabled for NBAR classification however this isn't the case anymore at
least on ISR's.. I cannot say I have tried on the 7200 perhaps it is
different. Let me confirm and get back to you.
Have you tired matching by host instead of URL? For example:
match protocol http host "*.facebook.com"
Thanks.
>>>>
>>>> -----Original Message-----
>>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>>>> Abdul Muhammed
>>>> Sent: Tuesday, June 02, 2009 3:49 AM
>>>> To: Cisco certification
>>>> Subject: need help on NBAR
>>>>
>>>> Hi,
>>>>
>>>> I configured NBAR on 7200 series router to drop some unwanted traffic
>>>>
>>> from
>>>
>>>> sites like rapidshare, mediafire and others, but it matches the traffic,
>>>> but
>>>> drop ratio is zero( no dropping).
>>>> below is a result of my show policy-map int g0/2
>>>>
>>>> please why is it not dropping the packets.
>>>>
>>>> sh policy-map int g0/2
>>>> GigabitEthernet0/2
>>>>
>>>> Service-policy input: policy1
>>>>
>>>> Class-map: downloader (match-any)
>>>> 31 packets, 6418 bytes
>>>> 5 minute offered rate 0 bps, drop rate 0 bps
>>>> Match: protocol http url "*.4shared"
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol http url "*youtube*"
>>>> 31 packets, 6418 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol http url "*.googlevideo.*"
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol http url "*googlevideo*"
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol http url "*.mediafire.*"
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol http url "*mediafire*"
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol http url "*rapidshare*"
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol http url "*.rapidshare.*"
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol http url "*.tube8.*"
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol http url "*tube8*"
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> police:
>>>> cir 8000 bps, bc 1500 bytes
>>>> conformed 13 packets, 790 bytes; actions:
>>>> drop
>>>> exceeded 0 packets, 0 bytes; actions:
>>>> drop
>>>> conformed 0 bps, exceed 0 bps
>>>>
>>>> Class-map: p2p (match-any)
>>>> 5 packets, 5798 bytes
>>>> 5 minute offered rate 0 bps, drop rate 0 bps
>>>> Match: protocol edonkey
>>>> 5 packets, 5798 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol fasttrack
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol finger
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol kazaa2
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol bittorrent
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol gnutella
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol napster
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> Match: protocol vdolive
>>>> 0 packets, 0 bytes
>>>> 5 minute rate 0 bps
>>>> police:
>>>> cir 8000 bps, bc 1500 bytes
>>>> conformed 1 packets, 1434 bytes; actions:
>>>> drop
>>>> exceeded 0 packets, 0 bytes; actions:
>>>> drop
>>>> conformed 0 bps, exceed 0 bps
>>>>
>>>> Class-map: class-default (match-any)
>>>> 413369 packets, 396012906 bytes
>>>> 5 minute offered rate 1786000 bps, drop rate 0 bps
>>>> Match: any
Blogs and organic groups at http://www.ccie.net
Received on Wed Jun 03 2009 - 09:59:13 ART
This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:36 ART