I am attempting to apply a service policy to either a dialer interface or a serial interface. From my testing it would appear that the "match protocol" command will not actually match any packets when the policy is applied to these interfaces.
The setup is below:
class-map match-all telnet
 match protocol telnet
class-map match-all citrix
 match protocol citrix
class-map match-all Telnet
 match protocol telnet
class-map match-all voice-signaling
 match access-group 151
class-map match-all voice-traffic
 match access-group 150
ip address negotiated
ip access-group inbound in
ip mtu 1458
ip nat outside
ip inspect myfw out
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password
ppp pap sent-username
ppp ipcp dns request
ppp ipcp wins request
crypto map vpnclient
service-policy output VOICE-POLICY
hold-queue 224 in
I have an access-list that matches my VoIP traffic no problem, but neither telnet nor citrix traffic is matched when doing a "sh policy-map interface dialer1".
However, running SH IP NBAR PROTOCOL DISCOVERY INT DIALER 1 does indeed show the existence of these packets.
Will I be forced to match traffic to/from the citrix servers by an access-list or is there a way of doing it with MATCH PROTOCOL? It would seem the best way!
Re: QoS - Match Protocol on WAN Interface not working
Hi, I don't know why it doesn't work, but you mention that it is not ideal to work without "match protocol". I don't think that's true, because every packet that passes through this policy-map has to be inspected by the CPU. NBAR (match protocol) cannot be performed by hardware on any platform, so be careful not to slow down the router with such tasks. If you can perform the same thing with ACLs, better do it that way, because that can be done without interrupting the CPU.
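The ACL-based classification suggested in the reply above could look like the following. This is an added example, not configuration from either poster. The ACL names QOS-TELNET and QOS-CITRIX are hypothetical, and it assumes Telnet on its default TCP port 23 and Citrix ICA on its default TCP port 1494; adjust the ports if the servers use others.

```cisco
! Added example: port-based ACLs in place of NBAR "match protocol".
! ACL names are hypothetical; ports are the protocol defaults (assumption).
!
! Each ACL matches both directions, because an output policy on the WAN
! interface sees client-to-server packets (destination port) as well as
! server-to-client packets (source port), depending on where the servers sit.
ip access-list extended QOS-TELNET
 permit tcp any any eq 23
 permit tcp any eq 23 any
!
ip access-list extended QOS-CITRIX
 permit tcp any any eq 1494
 permit tcp any eq 1494 any
!
! Re-point the existing class maps from NBAR to the ACLs.
class-map match-all telnet
 no match protocol telnet
 match access-group name QOS-TELNET
!
class-map match-all citrix
 no match protocol citrix
 match access-group name QOS-CITRIX
!
! Verify the per-class packet counters afterwards with:
!   show policy-map interface Dialer1
```

Port-based matching only classifies traffic on those ports; it does not identify the application the way NBAR does, so anything else using TCP 23 or 1494 lands in the same class.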