Hi Kings, Many thanks for your reply with the solution..!!
In fact the url I sent was from 12.4(15) T regards On Sun, Nov 14, 2010 at 9:15 AM, Kingsley Charles < [email protected]> wrote: > That CLI is part of the ZFW structure which is available in 12.4(20)T. > > In 12.4(15)T, the only thing you need to configure for URL filter is > *parameter-map > type urlfilter *and this parameter map should be configured under a class > match matching http traffic. > > The parameter map can be configured for websense or N2H2 and with other > parameters. If you need to configure urlfilter on 12.4(15), nothing else is > required other than the following commands. > > parameter-map type urlfilter king > server vendor websense 10.20.30.40 > > class-map type inspect httptraff > match protocol http > > policy-map type inspect insp > class httptraff > inspect > urlfilter king > > > With regards > Kings > > > On Sun, Nov 14, 2010 at 12:33 AM, Pemasiri Devanarayana < > [email protected]> wrote: > >> Hi Kings, >> >> I'm having 12.4(15)T on my lab, I even cant use ' class-map type >> urlfilter websense' command for configuring URL filter (Websence on Zone >> based FW section for Lab) >> >> R6(config)#class-map type urlfilter websense match-any websense-class >> ^ >> % Invalid input detected at '^' marker. >> >> R6(config)#class-map type ? >> access-control access-control specific class-map >> control Configure a control policy class-map >> inspect Configure CBAC Class Map >> logging Class map for control-plane packet logging >> port-filter Class map for port filter >> queue-threshold Class map for queue threshold >> stack class-map for protocol header stack specification >> >> R6(config)#do sh ver >> Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version >> 12.4(15)T12, RELEASE SOFTWARE (fc3) >> Technical Support: http://www.cisco.com/techsupport >> Copyright (c) 1986-2010 by Cisco Systems, Inc. >> Compiled Fri 22-Jan-10 02:04 by prod_rel_team >> >> ROM: System Bootstrap, Version 12.4(13r)T11, RELEASE SOFTWARE (fc1) >> >> R6 uptime is 2 weeks, 8 hours, 8 minutes >> System returned to ROM by reload at 10:48:52 UTC Fri Oct 29 2010 >> System image file is "flash:c2800nm-adventerprisek9-mz.124-15.T12.bin" >> >> What will be an alternative method here for configuring class-map type >> urlfilter..? >> >> >> http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_zone_polcy_firew_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1121063 >> >> Regards, >> >> On Fri, Nov 12, 2010 at 9:08 AM, Kingsley Charles < >> [email protected]> wrote: >> >>> Yusuf has responded to the same question I posted on CLN. He confirmed >>> that 12.4(15)T is the IOS version that will be in the lab >>> >>> https://learningnetwork.cisco.com/message/62581#62581 >>> >>> >>> With regards >>> Kings >>> >>> >>> On Fri, Nov 12, 2010 at 9:42 AM, Eugene Pefti >>> <[email protected]>wrote: >>> >>>> And more over, when I try to install 12.4(15)T on the router Cisco’s >>>> Advisory software notice says that this particular release is affected by a >>>> lot of serious software issues giving quite a list of documented bugs. >>>> >>>> I just want to make sure that we are not affected by any of these bugs >>>> on the real lab exam ;)) >>>> >>>> >>>> >>>> Eugene >>>> >>>> >>>> >>>> *From:* Eugene Pefti [mailto:[email protected]] >>>> *Sent:* Wednesday, November 10, 2010 10:17 PM >>>> *To:* 'Kingsley Charles' >>>> *Cc:* [email protected] >>>> *Subject:* RE: [OSL | CCIE_Security] parameter-map type urlfilter >>>> >>>> >>>> >>>> You are dead right, Kings as usual ;) >>>> >>>> I do run on of the latest releases of 12.4 code. Sometimes it is very >>>> frustrating to understand that I never know everything for the lab exam. >>>> It’s just impossible to retain everything. >>>> >>>> >>>> >>>> Eugene >>>> >>>> >>>> >>>> *From:* Kingsley Charles [mailto:[email protected]] >>>> *Sent:* Wednesday, November 10, 2010 9:29 PM >>>> *To:* Eugene Pefti >>>> *Subject:* Re: [OSL | CCIE_Security] parameter-map type urlfilter >>>> >>>> >>>> >>>> The “parameter-map type urlfilter" can be found in 12.15(T) after which >>>> the ZFW options has changed a bit with the support of Trend Based URL >>>> filter servers. >>>> >>>> The CCIE lab is based on 12.4(15)T. >>>> >>>> I guess, you are using 12.4(20) or above. >>>> >>>> With regards >>>> Kings >>>> >>>> On Thu, Nov 11, 2010 at 5:25 AM, Eugene Pefti <[email protected]> >>>> wrote: >>>> >>>> And I don’t know if the “parameter-map type urlfilter NAME” is the right >>>> command. >>>> >>>> I tried it against two images, advsecurity and adventerprise and none of >>>> them allows “urlfilter” after the type of parameter map. >>>> >>>> Acceptable options are urlfpolicy and urlf-glob which are essentially >>>> good and quite usable for local URL filtering applications. >>>> >>>> I configured a bunch of the clients routers with ZBF using parameter >>>> maps to do local URL filtering for a number of social networking sites >>>> >>>> >>>> >>>> Eugene >>>> >>>> >>>> >>>> *From:* [email protected] [mailto: >>>> [email protected]] *On Behalf Of *Mark Senteza >>>> *Sent:* Tuesday, November 09, 2010 7:59 PM >>>> *To:* [email protected] >>>> *Subject:* [OSL | CCIE_Security] parameter-map type urlfilter >>>> >>>> >>>> >>>> Hey all, >>>> >>>> I'd like some clarification on the "exclusive-domain" command under the >>>> parameter-map type urlfilter command. My understanding is that the >>>> exclusive-domain list is a list of domains that are excluded from lookup >>>> requests being sent to the URL filter server for. I hope thus far I am >>>> correct. >>>> >>>> My confusion is with the "deny" or "permit" statement. Does the deny >>>> statement mean dont bother sending a request to the URL filter server and >>>> just deny all traffic sent to the specified domain ? And does the "permit" >>>> mean dont bother sending a request to the URL filter server and proceed to >>>> permit all traffic sent to the specified domain? >>>> >>>> Unfortunately, I dont have a Websense server to test this, so I was >>>> hoping somebody could enlighten me on this. >>>> >>>> If the configuration below was used, for example, what would it do: >>>> >>>> parameter-map type urlfilter URLFILTER-PARAMAP >>>> server-vendor websense 192.168.90.90 >>>> exclusive-domain deny example.com >>>> >>>> Thanks again >>>> >>>> Mark >>>> >>>> >>>> _______________________________________________ >>>> For more information regarding industry leading CCIE Lab training, >>>> please visit www.ipexpert.com >>>> >>>> >>>> >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
