03-13-2008 03:20 PM - edited 03-03-2019 09:07 PM
I have a web application that sits at our central office, and the client computers are off site at a branch office connected by a multilink (2 T1's) to a 7204, then across 3 T1's to the destination central office. The web app is basic HTTP, port 80. I currently have an ACL matching the port 80 traffic beginning at the source (branch) like this:
permit tcp any host 10.10.5.36 eq www (446221 matches)
and this for a class-map:
class-map match-any CLOSING-SITE
match access-group 102
and this policy-map:
class CLOSING-SITE
bandwidth percent 10
On the 7204, which sits between the source and destination, I'm getting matches:
Class-map: CLOSING-SITE (match-any)
11267 packets, 966658 bytes
but at the dest site I get nothing:
Class-map: CLOSING-SITE (match-any)
0 packets, 0 bytes
with this ACL:
permit tcp host 10.10.5.36 10.10.166.0 0.0.0.255 eq www
20 permit tcp 10.10.166.0 0.0.0.255 host 10.10.5.36 eq www
What's wrong here, and should I be marking the web app traffic once I do get matching?
Please let me know if you need more info and/or configs.
Thanks in advance - Jerry
03-18-2008 09:59 AM
Any takers?
03-18-2008 12:04 PM
Yes, full configs, and perhaps a simple topology diagram, would be helpful.
03-18-2008 12:34 PM
03-18-2008 01:16 PM
I'm unsure where you see the problem. The "corporate" router in your attachment shows matches against access list 102, but you're saying you don't see matches within the policy?
PS:
There's no access list 102 for the "NOC" router in your attachment?
03-18-2008 02:41 PM
I don't see any matches coming from the NOC/edwards router.
sh policy-map int on the NOC/edwards router:
Class-map: CLOSING-SITE (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: access-group 102
0 packets, 0 bytes
30 second rate 0 bps
Queueing
Output Queue: Conversation 266
Bandwidth 24 (%)
Bandwidth 370 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
EWT_NOC#sh access-lists 102
Extended IP access list 102
10 permit tcp host 10.10.5.36 10.10.166.0 0.0.0.255 eq www
20 permit tcp 10.10.166.0 0.0.0.255 host 10.10.5.36 eq www
Oh, I almost forgot - should I be marking the closing site traffic?
03-18-2008 04:20 PM
Could it be as simple as since the policy is outbound on your serial ports, you should be looking at the source port, not the destination port?
I.e.
10 permit tcp host 10.10.5.36 10.10.166.0 0.0.0.255 eq www
should be?
10 permit tcp host 10.10.5.36 eq www 10.10.166.0 0.0.0.255
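The source-port versus destination-port distinction in the reply above, as an added example that is not part of the original thread: a simplified Python model of extended-ACL matching (only the `permit tcp ... eq` subset), run against ACL 102 before and after the change. The client address 10.10.166.20 and ephemeral port 51000 are constructed sample values.

```python
import ipaddress

def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard) as ints."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tok.pop(0)))

def _port(tok):
    """Consume an optional 'eq PORT' following an address; None means any port."""
    if tok and tok[0] == "eq":
        tok.pop(0)
        p = tok.pop(0)
        return 80 if p == "www" else int(p)
    return None

def parse_ace(line):
    """Parse '[seq] permit tcp SRC [eq P] DST [eq P]' (simplified subset)."""
    tok = line.split()
    if tok[0].isdigit():
        tok.pop(0)                       # drop the sequence number
    action, proto = tok.pop(0), tok.pop(0)
    src, sport = _addr(tok), _port(tok)  # 'eq' right after source = source port
    dst, dport = _addr(tok), _port(tok)  # 'eq' right after destination = dest port
    return {"action": action, "src": src, "sport": sport, "dst": dst, "dport": dport}

def _ip_ok(ip, spec):
    base, wild = spec                    # wildcard bits set to 1 are "don't care"
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def first_match(acl, pkt):
    """Index of the first ACE matching pkt=(src, sport, dst, dport), else None."""
    src, sport, dst, dport = pkt
    for i, line in enumerate(acl):
        a = parse_ace(line)
        if (_ip_ok(src, a["src"]) and _ip_ok(dst, a["dst"])
                and a["sport"] in (None, sport) and a["dport"] in (None, dport)):
            return i
    return None

# Constructed packets (client host and ephemeral port are assumptions).
REPLY = ("10.10.5.36", 80, "10.10.166.20", 51000)    # server -> branch client
REQUEST = ("10.10.166.20", 51000, "10.10.5.36", 80)  # branch client -> server
ORIGINAL = ["10 permit tcp host 10.10.5.36 10.10.166.0 0.0.0.255 eq www",
            "20 permit tcp 10.10.166.0 0.0.0.255 host 10.10.5.36 eq www"]
CORRECTED = ["10 permit tcp host 10.10.5.36 eq www 10.10.166.0 0.0.0.255",
             "20 permit tcp 10.10.166.0 0.0.0.255 host 10.10.5.36 eq www"]
```

With the original entry 10, the server's reply matches nothing because its destination port is the client's ephemeral port; with `eq www` placed after the source, entry 10 matches the reply.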
03-18-2008 04:28 PM
I'll try it - thanks.
03-18-2008 04:36 PM
I have matches - I'll see if the users notice the difference.
EWT_NOC#sh access-lists 102
Extended IP access list 102
10 permit tcp host 10.10.5.36 eq www 10.10.166.0 0.0.0.255 (50 matches)
20 permit tcp 10.10.166.0 0.0.0.255 host 10.10.5.36 eq www
03-19-2008 03:09 PM
I'm trying to give you props for the replies but no luck - I'll keep trying.
Jerry