Beat me to it ;)

--
BR

Sent from my iPhone on 3

On 27 May 2013, at 19:33, Saleh Batouq <[email protected]> wrote:

> Hi Imran, Good point about NBAR. But let me tell you that it does work and
> you will get hits because you are actually establishing an http session to
> the servers. You can even send an HTTP GET message, for example:
>
> On R2 SERVER
> ---------
>
> ip http server
> ip http secure-server
> !
>   Service-policy input: TRAFFIC-to-WEB-SERVER
>
>     Class-map: TRAFFIC-to-WEB-SERVER (match-all)
>       0 packets, 0 bytes
>       5 minute offered rate 0 bps, drop rate 0 bps
>       Match: access-group 10
>       Match: class-map match-any WEB
>         Match: protocol http
>           0 packets, 0 bytes
>           5 minute rate 0 bps
>         Match: protocol secure-http
>           0 packets, 0 bytes
>           5 minute rate 0 bps
>       police:
>           rate 10000 bps, burst 1500 bytes
>         conformed 0 packets, 0 bytes; actions:
>           transmit
>         exceeded 0 packets, 0 bytes; actions:
>           drop
>         conformed 0 bps, exceed 0 bps
>
> From R1 Client
> --------
>
> R1#telnet 10.2.2.2 80 /source-interface lo10
> Trying 10.2.2.2, 80 ... Open
> \
> HTTP/1.1 400 Bad Request
> Date: Fri, 01 Mar 2002 00:07:17 GMT
> Server: cisco-IOS
> Accept-Ranges: none
>
> 400 Bad Request
>
> [Connection to 10.2.2.2 closed by foreign host]
> R1#
> R1#
> R1#telnet 10.2.2.2 443 /source-interface lo10
> Trying 10.2.2.2, 443 ... Open
>
>
> [Connection to 10.2.2.2 closed by foreign host]
>
> On R2
> ----
>
> R2#sh policy-map int
>  FastEthernet0/0
>
>   Service-policy input: TRAFFIC-to-WEB-SERVER
>
>     Class-map: TRAFFIC-to-WEB-SERVER (match-all)
>       12 packets, 720 bytes
>       5 minute offered rate 0 bps, drop rate 0 bps
>       Match: access-group 10
>       Match: class-map match-any WEB
>         Match: protocol http
>           0 packets, 0 bytes
>           5 minute rate 0 bps
>         Match: protocol secure-http
>           0 packets, 0 bytes
>           5 minute rate 0 bps
>       police:
>           rate 10000 bps, burst 1500 bytes
>         conformed 12 packets, 720 bytes; actions:
>           transmit
>         exceeded 0 packets, 0 bytes; actions:
>           drop
>         conformed 0 bps, exceed 0 bps
>
>     Class-map: class-default (match-any)
>       73 packets, 6042 bytes
>       5 minute offered rate 0 bps, drop rate 0 bps
>       Match: any
>
> The Child class-maps do not show hits but the parent class-map
> TRAFFIC-to-WEB-SERVER (match-all) surely hits.
> !
>
> Best Regards,
>
> Saleh Hassan Batouq
> [email protected]
> Tel: +968 99365607
> Fax: +968 2469690
> P.O.Box:1083- Postal Code:112
> Muscat-Sultanate Of Oman
>
> On Mon, May 27, 2013 at 7:46 PM, Imran Ali <[email protected]> wrote:
>
>> Tony,
>>
>> telnetting at port 80, will not classify packets as web, when you are
>> using NBAR, as it goes beyond the layer 3/4 and looks at the format
>> also..
>>
>> it does work with " ip access-list 100 tcp permit any any eq 80 " command,
>> because here classifier only looks at port 80..
>> only
>>
>> On Sun, May 26, 2013 at 4:35 AM, max kamali <[email protected]> wrote:
>>
>>> thank you gents.
>>>
>>> -max
>>>
>>> On 5/25/2013 12:09 PM, Tony Singh wrote:
>>>
>>>> yes, though you'd need a policy-map & service policy to apply it, I'm
>>>> sure you know
>>>>
>>>> to test enable http server on IOS and then telnet to either port 80/443
>>>> from the 10.x source then check the hits, I know this worked with port 80
>>>>
>>>> --
>>>> BR
>>>>
>>>> Tony
>>>>
>>>> Sent from my iPad
>>>>
>>>> On 25 May 2013, at 18:58, max kamali <[email protected]> wrote:
>>>>
>>>>> Morning, hope everyone is enjoying their weekend.
>>>>>
>>>>> Is it correct to assume that the class-map client will match:
>>>>> 10.0.0.0/24 to port 80 or 10.0.0.0/24 to port 443 ?
>>>>>
>>>>> class-map match-all client
>>>>>  match access-group 1
>>>>>  match class-map web
>>>>>
>>>>> class-map match-any web
>>>>>  match protocol http
>>>>>  match protocol secure-http
>>>>>
>>>>> access-list 1 permit 10.0.0.0 0.0.0.255
>>>>>
>>>>> thanks
>>>>> max
>>>>> _______________________________________________
>>>>> For more information regarding industry leading CCIE Lab training,
>>>>> please visit www.ipexpert.com
>>>>>
>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>> www.PlatinumPlacement.com
>>>>>
>>>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs
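
The setup discussed in this thread, written out as one complete R2 configuration. This is an added example, not something posted by any participant. The class-map, policy-map and interface names and the policer values are taken from the `show policy-map` output quoted above; the contents of access-list 10 never appear in the thread and are assumed here to be the 10.0.0.0/24 source range from the original question.

```cisco
! R2 (server side): constructed to match the show output quoted in the thread
ip http server
ip http secure-server
!
! ASSUMPTION: the thread shows only "Match: access-group 10", not the ACL
! itself. A standard ACL matches on source address only.
access-list 10 permit 10.0.0.0 0.0.0.255
!
! Child class: match-any, so either NBAR protocol satisfies it
class-map match-any WEB
 match protocol http
 match protocol secure-http
!
! Parent class: match-all, so the source ACL AND the WEB class must both match
class-map match-all TRAFFIC-to-WEB-SERVER
 match access-group 10
 match class-map WEB
!
! Policer values as shown in the output: 10000 bps, 1500-byte burst
policy-map TRAFFIC-to-WEB-SERVER
 class TRAFFIC-to-WEB-SERVER
  police 10000 1500 conform-action transmit exceed-action drop
!
! Without the service-policy on an interface, no counters increment at all
interface FastEthernet0/0
 service-policy input TRAFFIC-to-WEB-SERVER
!
! After sending test traffic from a 10.0.0.0/24 source, compare the parent
! class counters with the per-protocol child counters:
!   show policy-map interface FastEthernet0/0
```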
