I don't understand. What do you mean?

On May 27, 2013 11:48 PM, "Tony Singh" <[email protected]> wrote:
> Beat me to it ;)
>
> --
> BR
>
> Sent from my iPhone on 3
>
> On 27 May 2013, at 19:33, Saleh Batouq <[email protected]> wrote:
>
> > Hi Imran, Good point about NBAR. But let me tell you that it does work and
> > you will get hits because you are actually establishing an http session to
> > the servers. You can even send an HTTP GET message, for example:
> >
> > On R2 SERVER
> > ---------
> >
> > ip http server
> > ip http secure-server
> > !
> >  Service-policy input: TRAFFIC-to-WEB-SERVER
> >
> >    Class-map: TRAFFIC-to-WEB-SERVER (match-all)
> >      0 packets, 0 bytes
> >      5 minute offered rate 0 bps, drop rate 0 bps
> >      Match: access-group 10
> >      Match: class-map match-any WEB
> >        Match: protocol http
> >          0 packets, 0 bytes
> >          5 minute rate 0 bps
> >        Match: protocol secure-http
> >          0 packets, 0 bytes
> >          5 minute rate 0 bps
> >      police:
> >          rate 10000 bps, burst 1500 bytes
> >        conformed 0 packets, 0 bytes; actions:
> >          transmit
> >        exceeded 0 packets, 0 bytes; actions:
> >          drop
> >        conformed 0 bps, exceed 0 bps
> >
> > From R1 Client
> > --------
> >
> > R1#telnet 10.2.2.2 80 /source-interface lo10
> > Trying 10.2.2.2, 80 ... Open
> > \
> > HTTP/1.1 400 Bad Request
> > Date: Fri, 01 Mar 2002 00:07:17 GMT
> > Server: cisco-IOS
> > Accept-Ranges: none
> >
> > 400 Bad Request
> >
> > [Connection to 10.2.2.2 closed by foreign host]
> > R1#
> > R1#
> > R1#telnet 10.2.2.2 443 /source-interface lo10
> > Trying 10.2.2.2, 443 ... Open
> >
> > [Connection to 10.2.2.2 closed by foreign host]
> >
> > On R2
> > ----
> >
> > R2#sh policy-map int
> >  FastEthernet0/0
> >
> >  Service-policy input: TRAFFIC-to-WEB-SERVER
> >
> >    Class-map: TRAFFIC-to-WEB-SERVER (match-all)
> >      12 packets, 720 bytes
> >      5 minute offered rate 0 bps, drop rate 0 bps
> >      Match: access-group 10
> >      Match: class-map match-any WEB
> >        Match: protocol http
> >          0 packets, 0 bytes
> >          5 minute rate 0 bps
> >        Match: protocol secure-http
> >          0 packets, 0 bytes
> >          5 minute rate 0 bps
> >      police:
> >          rate 10000 bps, burst 1500 bytes
> >        conformed 12 packets, 720 bytes; actions:
> >          transmit
> >        exceeded 0 packets, 0 bytes; actions:
> >          drop
> >        conformed 0 bps, exceed 0 bps
> >
> >    Class-map: class-default (match-any)
> >      73 packets, 6042 bytes
> >      5 minute offered rate 0 bps, drop rate 0 bps
> >      Match: any
> >
> > The Child class-maps do not show hits but the parent class-map
> > TRAFFIC-to-WEB-SERVER (match-all) surely hits.
> > !
> >
> > Best Regards,
> >
> > Saleh Hassan Batouq
> > [email protected]
> > Tel: +968 99365607
> > Fax: +968 2469690
> > P.O.Box:1083- Postal Code:112
> > Muscat-Sultanate Of Oman
> >
> > On Mon, May 27, 2013 at 7:46 PM, Imran Ali <[email protected]> wrote:
> >
> >> Tony,
> >>
> >> telnetting at port 80, will not classify packets as web, when you are
> >> using NBAR, as it goes beyond the layer 3/4 and looks at the format
> >> also..
> >>
> >> it does work with " ip access-list 100 tcp permit any any eq 80 " command,
> >> because here classifier only looks at port 80..
> >> only
> >>
> >> On Sun, May 26, 2013 at 4:35 AM, max kamali <[email protected]> wrote:
> >>
> >>> thank you gents.
> >>>
> >>> -max
> >>>
> >>> On 5/25/2013 12:09 PM, Tony Singh wrote:
> >>>
> >>>> yes, though you'd need a policy-map & service policy to apply it, I'm
> >>>> sure you know
> >>>>
> >>>> to test enable http server on IOS and then telnet to either port 80/443
> >>>> from the 10.x source then check the hits, I know this worked with port 80
> >>>>
> >>>> --
> >>>> BR
> >>>>
> >>>> Tony
> >>>>
> >>>> Sent from my iPad
> >>>>
> >>>> On 25 May 2013, at 18:58, max kamali <[email protected]> wrote:
> >>>>
> >>>>> Morning, hope everyone is enjoying their weekend.
> >>>>>
> >>>>> Is it correct to assume that the class-map client will match:
> >>>>> 10.0.0.0/24 to port 80 or 10.0.0.0/24 to port 443 ?
> >>>>>
> >>>>> class-map match-all client
> >>>>>  match access-group 1
> >>>>>  match class-map web
> >>>>>
> >>>>> class-map match-any web
> >>>>>  match protocol http
> >>>>>  match protocol secure-http
> >>>>>
> >>>>> access-list 1 permit 10.0.0.0 0.0.0.255
> >>>>>
> >>>>> thanks
> >>>>> max

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com

http://onlinestudylist.com/mailman/listinfo/ccie_rs
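
The nested class-map logic from the original question (`client` as match-all over access-list 1 and the match-any class `web`), modelled as an added Python example that is not code from any participant in the thread. It evaluates only the boolean structure and the wildcard mask; the `protocol` label on each constructed packet is assumed to be whatever the classifier has already assigned, and the function names are hypothetical.

```python
import ipaddress

def acl_permits(src, network, wildcard):
    """Standard ACL entry: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == \
           (int(ipaddress.IPv4Address(network)) & care)

# access-list 1 permit 10.0.0.0 0.0.0.255 (from the thread); implicit deny otherwise
ACLS = {1: [("10.0.0.0", "0.0.0.255")]}

# class-maps from the thread: name -> (mode, match statements)
CLASS_MAPS = {
    "web": ("match-any", [("protocol", "http"), ("protocol", "secure-http")]),
    "client": ("match-all", [("access-group", 1), ("class-map", "web")]),
}

def statement_matches(stmt, pkt):
    kind, arg = stmt
    if kind == "access-group":
        return any(acl_permits(pkt["src"], n, w) for n, w in ACLS[arg])
    if kind == "protocol":
        # Assumption: the label was assigned upstream; how it is derived is not modelled
        return pkt["protocol"] == arg
    if kind == "class-map":
        return class_matches(arg, pkt)  # nested class-map
    raise ValueError(f"unsupported match type: {kind}")

def class_matches(name, pkt):
    mode, stmts = CLASS_MAPS[name]
    results = [statement_matches(s, pkt) for s in stmts]
    return all(results) if mode == "match-all" else any(results)

def classify(pkt):
    """Return the class a packet lands in for a policy with one user class."""
    return "client" if class_matches("client", pkt) else "class-default"

# Constructed sample packets (not taken from the thread)
SAMPLES = [
    {"src": "10.0.0.25", "protocol": "http"},
    {"src": "10.0.0.200", "protocol": "secure-http"},
    {"src": "10.0.0.25", "protocol": "telnet"},
    {"src": "10.0.1.25", "protocol": "http"},
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p["src"], p["protocol"], "->", classify(p))
```
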
