Hi All, I want to configure NBAR so that some DoS attack found on URLs with the IP precedence bit set to 1 is dropped, and I configured it as follows:

    class-map match-any CM-Dos
     match protocol http url "*.bomb.exe*"
     match protocol http url "*.cmd.exe*"
     match dscp 1
    !
    policy-map PM-DOS
     class CM-DOS
      drop
    !
    int fax/x
     service-policy input PM-DOS

Questions:

1) Is the above configuration correct?

2) What is the use of set dscp 1 inside the policy-map?

    R2(config-pmap)#do sh run | beg policy-map
    policy-map PM-DOS
     class CM-DOS
      set ip dscp 1

3) If the question asks to use an egress ACL to drop the traffic with DSCP value 1, is the following configuration correct?

    class-map match-any CM-Dos
     match protocol http url "*.bomb.exe*"
     match protocol http url "*.cmd.exe*"
    !
    policy-map PM-DOS
     class CM-DOS
    !
    ip access-list extended DOS
     deny tcp any any eq www dscp 1
     permit tcp any any
    int fax/x
     service-policy input PM-DOS
     ip nbar protocol-discovery
     ip access-group DOS out

Clarification of all 3 questions individually is appreciated. Thanks.
