Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Using NBAR - Policing method

Router(config-pmap)#police 1000000 31250 31250 conform-action drop exceed-action drop violate-action drop

In this example, what does the numbers "1000000 31250 31250" correlate with? Is it correlating with the string matching?

I got it from url: http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml#1

The url shows two string matching:

#match protocol http url "*cmd.exe*

#match protocol http url "*root.exe*"

I want to use:

class-map match-any http-hacks

match protocol http url "*default.ida*"

match protocol http url "*x.ida*"

match protocol http url "*.ida*"

match protocol http url "*cmd.exe*"

match protocol http url "*root.exe*"

match protocol http url "*readme.eml*"

2 REPLIES

Re: Using NBAR - Policing method

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

Silver

Re: Using NBAR - Policing method

These numbers refer to "average rate", "normal burst size", and "excess burst size" respectively.

More information here:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt4/qcfpolsh.htm#xtocid9

and,

http://www.cisco.com/warp/public/105/carburstvalues.html

Hope that helped,

Mustafa Hussein

LAN/WAN Specialist

Comark, Inc.

269
Views
0
Helpful
2
Replies
CreatePlease to create content