Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

DROP command not aviable on IOS Ly3/4 Policy-Map

Hello

 

I am running IOS- c7200-adventerprisek9-mz.152-4.S3   on GNS3.   I wanted to block,  I am trying to block Tor protocol using Ly3/4 policy-map. but while I enter to the policy-map configuration, there is no  Drop option available .

 

Any idea why the policy-map configuration on these IOS does not have DROP command available ??     If wit this IOS , drop command is not supported then What IOS I should use to have Tor protocol in its NBAR library and can block it??

 

 

Thanks

9 REPLIES

Are you sure you're using

Are you sure you're using "policy-map type inspect" when defining your policy map? Different policy map types have different options, depending on what they're designed for and you may be using the wrong one.

Community Member

Im talking about normal Ly3/4

Im talking about normal Ly3/4 Policy-map  not any type / ly7 policy-maps

Okay, so your configuration

Okay, so your configuration looks something like this?

policy-map PM_Test
 class CM_Test
  drop

And it isn't taking the drop command? That should be supported in the indicated IOS image.

As for blocking TOR with NBAR, you need NBAR2 for TOR protocol support and I don't think that's supported on the 7200.

Community Member

It is supported on 7200. But

It is supported on 7200. But my question is not answered why DROP  command not availble?v

I just tested it against a

I just tested it against a 7200 with 15.1.4M7 and the drop command is definitely available. I can't see it being removed in 15.2.4. Can you post the relevant configuration of your class and policy maps?

Community Member

It is availble on 15.x-M.

It is availble on 15.x-M.  But it is not availble with 15.x-S   Series

Is there a particular reason

Is there a particular reason you need the S series rather than M? If not, it sounds like moving to the M train is the fix.

Community Member

Actually im trying to test to

Actually im trying to test to block Tor 

so on M series does not have support for Tor , tht is why im using S series

That makes sense. What

That makes sense. What options do you have available in the policy map for this class? If we can't drop it, perhaps we can police it down to nothing.

45
Views
0
Helpful
9
Replies
CreatePlease to create content