http filter use QOS

Unanswered Question
Jul 12th, 2010


my config like this:

Class Map match-all 1 (id 3)

   Match protocol dns

Class Map match-all 2 (id 4)

   Match protocol http host "**"

Class Map match-all 3 (id 5)

   Match not class-map 1

   Match not class-map 2

Policy Map 1

   Class 1

   Class 2

   Class 3


I want deny all web access except to

If i not use "drop" command in class 3,i can see packets match stats in class 2 when i use command "show policy-map interface";but if i use "drop" command in class 3,all http packets will be droped,i can't access the,and there is any packets match stats in class 2,but class 1 and class 3's match stats grow up correct,i try some other way for class 3,like:

class 3

    match class class-default


class 3

    match any


class 3

    match access-group xxx

but all fail,the router drop all http packets as long as "drop" command be used in class3.

please help me,thx

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
flowaycco Mon, 07/12/2010 - 06:21

Thx very much!

But my equipment is 2921 router,not firewell,and only ip base ios,so i must use qos to do this only.:(


This Discussion