Re: Marking and Dropping on same interface?

From: Ajay mehra <ajaymehra01_at_gmail.com>
Date: Wed, 1 Jul 2009 12:21:54 +0530

Hi Scott,

By null 0 I meant using a route-map and sending the marked traffic to null 0.
Task specifically mentioned using PBR and NBAR.

This is what I had

class-map match-any CODERED
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
!
policy-map CODERED
 class CODERED
  set dscp 1
!
! incoming interface for traffic
interface Serial0/0/0.2345 multipoint
 ip policy route-map CODERED
 service-policy input CODERED
!
ip access-list extended CODERED
 permit ip any any dscp 1
!
route-map CODERED permit 10
 match ip address CODERED
 set interface Null0

Thanks,
Ajay

2009/6/30 Scott Morris <smorris_at_ine.com>

> It's called Unconditional Packet Discard aka "drop". And yes, you can do
> it in your policy-map. It's not considered a "null 0" thing AFAIK, it's
> just plain old drop!
>
> Scott Morris, CCIEx4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> JNCIE-M #153, JNCIS-ER, CISSP, et al.
> JNCI-M, JNCI-ER
> evil_at_ine.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
>
> Knowledge is power.
> Power corrupts.
> Study hard and be Eeeeviiiil......
>
> Ajay mehra wrote:
>
> Requirement is to mark and drop HTTP traffic which contains certain types of
> strings using NBAR and PBR.
>
> Is it possible to mark and drop traffic on the same interface?
>
> My solution was to apply both service policy (for marking) and ip
> policy (for dropping to null 0) commands to incoming interface while the
> actual solution has marking on incoming interface and ip policy configured
> on outgoing interface.
>
>
> Thanks,
> Ajay
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html

Received on Wed Jul 01 2009 - 12:21:54 ART
