Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
573
Views
0
Helpful
2
Replies

Catalyst 6500 block http incomplete request?

nvanphuong
Level 1
Level 1

‎08-08-2007 08:27 PM - edited ‎03-05-2019 05:47 PM

Hello everyone,

I have Catalyst 6500 in my nework, topology like this:

Users (many VLANs) ---> Catalyst6500 ---> SquidProxy ---> Internet

Many users have suffered from virus, there are many request to some sites not real in the internet (ex: winibm.com,..); that causes SquidProxy out of service (down).

I want to block these requests on the Cat6500 so I use IP INSPECT feature, in the following link:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_white_paper0900aecd804e5098.shtml

But it seems not to work as I expected: the users go to the Internet very slow, sometime Squid-Proxy is again down.

My question is :

Is there any feature in Catalyst 6500 that solve the problem?

If not, Which module or line card can I upgrade to the Catalyst 6500 to solve thoroughly?

Catayst 6500 use:

- IOS: s72033-ipservicesk9-mz.122-18.SXF6.bin

- CEF720 24 port 1000mb SFP WS-X6724-SFP

- 48-port 10/100/1000 RJ45 EtherModule WS-X6148A-GE-TX

- Supervisor Engine 720 WS-SUP720-3B

My config is:

!

ip inspect max-incomplete high 1200

ip inspect max-incomplete low 1000

ip inspect one-minute low 300

ip inspect one-minute high 400

ip inspect tcp max-incomplete host 50 block-time 10

ip inspect name DDOS http

ip inspect name DDOS tcp

!

interface Vlan100

description ### To Squid Proxy ###

ip inspect DDOS out

!

Many Thanks,

Phuong

Labels:
0 Helpful
2 Replies 2

wochanda
Level 4
Level 4

‎08-09-2007 05:33 AM

Since CBAC is not supported in the hardware forwarding path of the 6500, it is likely the slowness you're seeing is a result of all of these packets being sent to software.

If you're looking for a faster way of doing URL filtering and firewall on the 6500, you probably want to look at the FWSM module. Here is the documentation:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/intro_f.html

0 Helpful

nvanphuong
Level 1
Level 1
In response to wochanda

‎08-09-2007 08:48 PM

Thanks for reply,

"Since CBAC is not supported in the hardware forwarding path of the 6500"

->I really need some links or documents talking about this.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card