NBAR - match protocol http host not matching

From: Jan Willem Bouman <janwillem.bouman_at_gmail.com>
Date: Wed, 10 Jun 2009 19:35:02 -0300

Hello,

I am trying to verify my nbar configuration and cannot see my traffic
matching (I do see it when I am only configuring "match protocol http").

Configuration on R4:
!
ip cef
!
ip host www.test.com 173.1.45.5
!
class-map match-all test
 match protocol http host "www.test.com"
!
policy-map ptest
 class test
  set dscp af13
!
interface Serial0/0/1
 ip address 173.1.45.4 255.255.255.0
 clock rate 128000
 service-policy input ptest
 service-policy output ptest
!

On R5:
ip http server
ip http authentication local
no ip http secure-server
ip http client source-interface Serial0/0/1
ip http path flash:
!
interface Serial0/0/1
 ip address 173.1.45.5 255.255.255.0
!

SHOW COMMANDS:
Rack1R4#sh policy-map int s0/0/1
 Serial0/0/1

  Service-policy input: ptest

    Class-map: test (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http host "www.test.com"
      QoS Set
        dscp af13
          Packets marked 0

    Class-map: class-default (match-any)
      245 packets, 14128 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

  Service-policy output: ptest

    Class-map: test (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http host "www.test.com"
      QoS Set
        dscp af13
          Packets marked 0

    Class-map: class-default (match-any)
      684 packets, 41150 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
Rack1R4#

Do I use the right method to simultate this?

Rack1R4#telnet www.test.com 80
Trying www.test.com (173.1.45.5, 80)... Open
GET /test.jpg HTTP/1.0
HOST www.test.com

HTTP/1.1 401 Unauthorized
Date: Wed, 10 Jun 2009 22:32:13 GMT
Server: cisco-IOS
Accept-Ranges: none
WWW-Authenticate: Basic realm="level_15 or view_access"

401 Unauthorized

[Connection to www.test.com closed by foreign host]
Rack1R4#

On the server side I am seeing the following:

Rack1R5#
*Jun 10 22:32:13.843: its_urlhook url: /test.jpg, method 1
*Jun 10 22:32:13.843: lds_urlhook, url=/test.jpg
*Jun 10 22:32:13.843: Wed, 10 Jun 2009 22:32:13 GMT 173.1.45.4 /test.jpg
auth_required
        Protocol = HTTP/1.0 Method = GET
*Jun 10 22:32:13.843:
Rack1R5#

GET /test.jpg HTTP/1.0
HOST www.test.com

Blogs and organic groups at http://www.ccie.net
Received on Wed Jun 10 2009 - 19:35:02 ART

This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:37 ART