10-13-2009 05:02 PM - edited 03-06-2019 08:06 AM
What is the proper way to:
Limit any web traffic from www.site.com to 1 Mbps and if the site has .torrent extension then drop the packet.
Here is my configuration, tell me if it is wrong or right?
Webserver IP is 2.2.2.2
access-list 120 permit host 2.2.2.2 eq 80 any
class-map match-all DROPPED_TRAFFIC
 match access-group 120
 match protocol http url "www.site.com/"
 match protocol http url "*.torrent"
class-map match-all LIMITED_TRAFFIC
 match access-group 120
 match protocol http url "www.site.com/"
 match not protocol http url "*.torrent"
policy-map MYPOLICY
 class DROPPED_TRAFFIC
  drop
 class LIMITED_TRAFFIC
  police cir 1000000
int f0/0
 service-policy input MYPOLICY
My main question is, is the "match not protocol http url "*.torrent" " important under the LIMITED_TRAFFIC class-map or can I perform the objective successfully without it?
10-13-2009 11:49 PM
Henry,
access-list 120 should be
access-list 120 permit tcp host 2.2.2.2 eq 80 any
clearly a mistyping.
>> is the "match not protocol http url "*.torrent" " important under the LIMITED_TRAFFIC class-map or can I perform the objective successfully without it?
The order of calls of class-maps in the policy-map is important.
Because DROPPED_TRAFFIC is called first, torrent traffic will match it.
So the match not protocol http url "*.torrent" in the second class invoked is not strictly required.
It would be if the class-maps had been invoked in reverse order.
My only doubt is whether the BitTorrent protocol is matched in this way.
You need to use
match protocol bittorrent
or
match not protocol bittorrent
see
BitTorrent | TCP | Dynamically Assigned or 6881-6889 | BitTorrent File Transfer Traffic | bittorrent  >> keyword to be used
!First IOS to support: 12.2(18)ZYA1, 12.4(2)T
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m1.html#wp1038163
Hope to help
Giuseppe
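The ordering point in the answer above can be checked with a small model. This is an added example, not part of the original thread and not Cisco code; it assumes a policy-map applies the action of the first class that matches, and it reduces a packet to three hypothetical booleans (acl120, site, torrent).

```python
# Added illustration: a minimal model of policy-map classification.
# Assumption: the first class in the policy-map that matches wins.
from collections import namedtuple

# Hypothetical packet summary: passes ACL 120, URL is on the site, URL is a .torrent
Packet = namedtuple("Packet", "acl120 site torrent")

# Each class-map is "match-all": every condition must hold.
def dropped(p):
    return p.acl120 and p.site and p.torrent

def limited_with_not(p):      # LIMITED_TRAFFIC as posted (has "match not")
    return p.acl120 and p.site and not p.torrent

def limited_without_not(p):   # LIMITED_TRAFFIC with the "match not" line removed
    return p.acl120 and p.site

def classify(policy, packet):
    """Return the action of the first class whose class-map matches."""
    for class_match, action in policy:
        if class_match(packet):
            return action
    return "class-default"

def build(order, limited):
    classes = {"DROPPED_TRAFFIC": (dropped, "drop"),
               "LIMITED_TRAFFIC": (limited, "police 1 Mbps")}
    return [classes[name] for name in order]

THREAD_ORDER = ("DROPPED_TRAFFIC", "LIMITED_TRAFFIC")   # order used in MYPOLICY
REVERSED = tuple(reversed(THREAD_ORDER))

# Constructed sample packets
TORRENT = Packet(True, True, True)
PAGE = Packet(True, True, False)
OTHER = Packet(False, False, False)

def outcomes(order, limited):
    """Classify the three sample packets under one policy variant."""
    policy = build(order, limited)
    return {name: classify(policy, pkt) for name, pkt in
            (("torrent", TORRENT), ("page", PAGE), ("other", OTHER))}

if __name__ == "__main__":
    for order in (THREAD_ORDER, REVERSED):
        for limited in (limited_with_not, limited_without_not):
            print(order, limited.__name__, outcomes(order, limited))
```

With the classes reversed and the "match not" line removed, the torrent request is policed instead of dropped, which is the case the answer warns about.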
10-14-2009 04:06 AM
Thanks for the answer, I didn't know that you had to position class-maps in a certain order for them to execute. This was my confusion.