Cisco Support Community
Community Member

http filter use QOS

Hi all,

My config is like this:

Class Map match-all 1 (id 3)

   Match protocol dns

Class Map match-all 2 (id 4)

   Match protocol http host "*cisco.com*"

Class Map match-all 3 (id 5)

   Match not class-map 1

   Match not class-map 2

Policy Map 1

   Class 1

   Class 2

   Class 3

     drop

I want to deny all web access except to cisco.com.

If I do not use the "drop" command in class 3, I can see packet match stats in class 2 when I use the command "show policy-map interface"; but if I use the "drop" command in class 3, all HTTP packets will be dropped, I can't access cisco.com, and there is any packets match stats in class 2, but class 1 and class 3's match stats grow correctly. I tried some other ways for class 3, like:

class 3

    match class class-default

or

class 3

    match any

or

class 3

    match access-group xxx

But all fail; the router drops all HTTP packets as long as the "drop" command is used in class 3.

Please help me, thx.
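An added example, not part of the original post and not Cisco code: a small Python model of the policy above, showing how the class counters behave with and without the drop in class 3. It assumes first-match classification in policy-map order and that the host match can only succeed on the packet that carries the HTTP request; the packet list and all function names are constructed for illustration.

```python
from fnmatch import fnmatch

# Constructed sample traffic for one browser visit to a cisco.com host.
# "host" is set only on the packet that carries the HTTP request header;
# "tcp" marks packets that belong to the TCP connection to port 80.
PACKETS = [
    {"desc": "DNS query",           "dns": True,  "tcp": False, "host": None},
    {"desc": "TCP SYN to port 80",  "dns": False, "tcp": True,  "host": None},
    {"desc": "TCP ACK (handshake)", "dns": False, "tcp": True,  "host": None},
    {"desc": "HTTP GET",            "dns": False, "tcp": True,  "host": "www.cisco.com"},
]

def is_dns(pkt):
    """Class 1: match protocol dns."""
    return pkt["dns"]

def is_allowed_host(pkt):
    """Class 2: match protocol http host "*cisco.com*" (glob approximation)."""
    return pkt["host"] is not None and fnmatch(pkt["host"], "*cisco.com*")

def is_everything_else(pkt):
    """Class 3: match not class-map 1, match not class-map 2."""
    return not is_dns(pkt) and not is_allowed_host(pkt)

# Classes in the order they appear in Policy Map 1; first match wins.
POLICY = [("1", is_dns), ("2", is_allowed_host), ("3", is_everything_else)]

def run_policy(packets, drop_class3):
    """Return per-class match counters after the packets traverse the policy."""
    counters = {"1": 0, "2": 0, "3": 0}
    connection_alive = True
    for pkt in packets:
        # Modelling assumption: once a packet of the TCP connection is dropped,
        # the handshake never completes, so later packets are never sent.
        # (Real clients retransmit the SYN, which only raises the class 3 count.)
        if pkt["tcp"] and not connection_alive:
            continue
        for name, matches in POLICY:
            if matches(pkt):
                counters[name] += 1
                if name == "3" and drop_class3:
                    connection_alive = False
                break
    return counters

if __name__ == "__main__":
    print("class 3 without drop:", run_policy(PACKETS, drop_class3=False))
    print("class 3 with drop:   ", run_policy(PACKETS, drop_class3=True))
```

In this model the SYN carries no Host header, so it falls through to class 3; with the drop in place the request that class 2 would match is never sent, which lines up with class 1 and class 3 counting while class 2 stays at zero.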

2 REPLIES
Cisco Employee

Re: http filter use QOS

Hello,

If you are looking to block all web access except the cisco.com site, then you need to use REGEX. Here is a document that could be helpful.

https://supportforums.cisco.com/docs/DOC-1268;jsessionid=04C0678692F3EDA69D5921326AEC1195.node0

Hope this helps.

Regards.

NT

Community Member

Re: http filter use QOS

Thx very much!

But my equipment is a 2921 router, not a firewall, and only IP Base IOS, so I must use QoS only to do this. :(
