That command is not required. With regards Kings CCNA,CCSP,CCNP,CCIP,CCIE 35914 (Security)
On Tue, Aug 14, 2012 at 7:49 PM, Krishna Nagam <[email protected]> wrote: > hi > which one is the best solution to resolve this issue: > > experiencing denial of services attacks using with NBAR > > calss-map match-any test > > match protocol http url "*.ida*" > > match protocol http url "*cmd.exe*" > > match protocol http url "*root.exe*" > > policy-map test > class test > set dscp 1 > > int fa0/1 > ip nbar protocol-discovery =========> this command is required or not > service-policy input test > > =============== > > class-map match-any CMAP_ATTACK > > match protocol http url "*default.ida*" > > match protocol http url "*cmd.exe*" > > match protocol http url "*root.exe*" > > > > class-map match-all NIMDA > > match dscp 1 > > match class CMAP-ATTACK > > > > policy-map SOLUTION > > class NIMDA > > drop > > > > > > int fa0/1 > > service-policy input SOLUTION > > ip nbar protocol-discovery <----------- this command is important or not > ??? > > no sh > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
