cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
469
Views
0
Helpful
9
Replies

DROP command not aviable on IOS Ly3/4 Policy-Map

Imran Ahmad
Level 2
Level 2

Hello

 

I am running IOS- c7200-adventerprisek9-mz.152-4.S3   on GNS3.   I wanted to block,  I am trying to block Tor protocol using Ly3/4 policy-map. but while I enter to the policy-map configuration, there is no  Drop option available .

 

Any idea why the policy-map configuration on these IOS does not have DROP command available ??     If wit this IOS , drop command is not supported then What IOS I should use to have Tor protocol in its NBAR library and can block it??

 

 

Thanks

9 Replies 9

ghostinthenet
Level 7
Level 7

Are you sure you're using "policy-map type inspect" when defining your policy map? Different policy map types have different options, depending on what they're designed for and you may be using the wrong one.

Im talking about normal Ly3/4 Policy-map  not any type / ly7 policy-maps

Okay, so your configuration looks something like this?

policy-map PM_Test
 class CM_Test
  drop

And it isn't taking the drop command? That should be supported in the indicated IOS image.

As for blocking TOR with NBAR, you need NBAR2 for TOR protocol support and I don't think that's supported on the 7200.

It is supported on 7200. But my question is not answered why DROP  command not availble?v

I just tested it against a 7200 with 15.1.4M7 and the drop command is definitely available. I can't see it being removed in 15.2.4. Can you post the relevant configuration of your class and policy maps?

It is availble on 15.x-M.  But it is not availble with 15.x-S   Series

Is there a particular reason you need the S series rather than M? If not, it sounds like moving to the M train is the fix.

Actually im trying to test to block Tor 

so on M series does not have support for Tor , tht is why im using S series

That makes sense. What options do you have available in the policy map for this class? If we can't drop it, perhaps we can police it down to nothing.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: