Re: need help on NBAR

Unless googlevideo exists in the actual URL, you arent matching any traffic.
URL is what trails www.host.com/URL-Here.

On Wed, Jun 3, 2009 at 9:59 AM, Tom Harbert <thomas.harbert_at_gmail.com>wrote:

> I know in previous IOS releases NBAR protocol discovery had to be enabled
> for NBAR classification however this isn't the case anymore at least on
> ISR's.. I cannot say I have tried on the 7200 perhaps it is different. Let
> me confirm and get back to you.
>
> Have you tired matching by host instead of URL? For example:
>
> match protocol http host "*.facebook.com"
>
>
> Thanks.
>
>
>
>
>
>
>
>>>>> -----Original Message-----
>>>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
>>>>> Of
>>>>> Abdul Muhammed
>>>>> Sent: Tuesday, June 02, 2009 3:49 AM
>>>>> To: Cisco certification
>>>>> Subject: need help on NBAR
>>>>>
>>>>> Hi,
>>>>>
>>>>> I configured NBAR on 7200 series router to drop some unwanted traffic
>>>>>
>>>>>
>>>> from
>>>>
>>>>
>>>>> sites like rapidshare, mediafire and others, but it matches the
>>>>> traffic,
>>>>> but
>>>>> drop ratio is zero( no dropping).
>>>>> below is a result of my show policy-map int g0/2
>>>>>
>>>>> please why is it not dropping the packets.
>>>>>
>>>>> sh policy-map int g0/2
>>>>> GigabitEthernet0/2
>>>>>
>>>>> Service-policy input: policy1
>>>>>
>>>>> Class-map: downloader (match-any)
>>>>> 31 packets, 6418 bytes
>>>>> 5 minute offered rate 0 bps, drop rate 0 bps
>>>>> Match: protocol http url "*.4shared"
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol http url "*youtube*"
>>>>> 31 packets, 6418 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol http url "*.googlevideo.*"
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol http url "*googlevideo*"
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol http url "*.mediafire.*"
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol http url "*mediafire*"
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol http url "*rapidshare*"
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol http url "*.rapidshare.*"
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol http url "*.tube8.*"
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol http url "*tube8*"
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> police:
>>>>> cir 8000 bps, bc 1500 bytes
>>>>> conformed 13 packets, 790 bytes; actions:
>>>>> drop
>>>>> exceeded 0 packets, 0 bytes; actions:
>>>>> drop
>>>>> conformed 0 bps, exceed 0 bps
>>>>>
>>>>> Class-map: p2p (match-any)
>>>>> 5 packets, 5798 bytes
>>>>> 5 minute offered rate 0 bps, drop rate 0 bps
>>>>> Match: protocol edonkey
>>>>> 5 packets, 5798 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol fasttrack
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol finger
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol kazaa2
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol bittorrent
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol gnutella
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol napster
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> Match: protocol vdolive
>>>>> 0 packets, 0 bytes
>>>>> 5 minute rate 0 bps
>>>>> police:
>>>>> cir 8000 bps, bc 1500 bytes
>>>>> conformed 1 packets, 1434 bytes; actions:
>>>>> drop
>>>>> exceeded 0 packets, 0 bytes; actions:
>>>>> drop
>>>>> conformed 0 bps, exceed 0 bps
>>>>>
>>>>> Class-map: class-default (match-any)
>>>>> 413369 packets, 396012906 bytes
>>>>> 5 minute offered rate 1786000 bps, drop rate 0 bps
>>>>> Match: any
>>>>>
>>>>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jun 03 2009 - 19:56:17 ART