That document with the code sample there was done before UPD.
In your policy-map you can simply say "drop".
*Scott Morris*, CCIE/x4/ (R&S/ISP-Dial/Security/Service Provider) #4713,
JNCIE-M #153, JNCIS-ER, CISSP, et al.
JNCI-M, JNCI-ER
evil_at_ine.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......
Ajay mehra wrote:
> Hi Scott,
>
> By null 0 I meant using a route-map and send the marked traffic to null 0.
> Task specifically mentioned using PBR and NBAR.
>
> This is what I had
>
> class-map match-any CODERED
>  match protocol http url "*cmd.exe*"
>  match protocol http url "*root.exe*"
> !
> policy-map CODERED
>  class CODERED
>   set dscp 1
> !
> ! Incoming interface for traffic
> interface Serial0/0/0.2345 multipoint
>  ip policy route-map CODERED
>  service-policy input CODERED
> !
> ip access-list extended CODERED
>  permit ip any any dscp 1
> !
> route-map CODERED permit 10
>  match ip address CODERED
>  set interface Null0
>
> Thanks,
> Ajay
> 2009/6/30 Scott Morris <smorris_at_ine.com>
>
>
>> It's called Unconditional Packet Discard aka "drop". And yes, you can do
>> it in your policy-map. It's not considered a "null 0" thing AFAIK, it's
>> just plain old drop!
>>
>> Ajay mehra wrote:
>>
>> Requirement is to mark and drop http traffic which contains certain types of
>> strings using NBAR and PBR.
>>
>> Is it possible to mark and drop traffic on the same interface?
>>
>> My solution was to apply both service policy (For marking) and ip
>> policy (For dropping to null 0) commands to incoming interface while the
>> actual solution has marking on incoming interface and ip policy configured
>> on outgoing interface.
>>
>>
>> Thanks,
>> Ajay
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html
Received on Wed Jul 01 2009 - 15:50:08 ART
This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:21 ART
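
Added example, not part of the original thread: the class-based "drop" described in the reply, applied to the class-map and incoming subinterface from the quoted configuration. It assumes an IOS release that supports the drop action in a policy-map class; with it, the DSCP marking, the extended ACL and the route-map to Null0 are not needed.

```cisco
! Added example (not from the thread). Class-map, policy-map and interface
! names are taken from the quoted configuration.
!
! NBAR classification requires CEF switching.
ip cef
!
class-map match-any CODERED
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
!
policy-map CODERED
 class CODERED
  ! Unconditional Packet Discard: takes the place of "set dscp 1"
  ! followed by policy routing the marked packets to Null0.
  drop
!
interface Serial0/0/0.2345 multipoint
 ! Only the service policy is applied; "ip policy route-map CODERED"
 ! is removed from the interface.
 service-policy input CODERED
!
! Verify from exec mode that the class is matching and discarding:
!   show policy-map interface Serial0/0/0.2345
```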