07-12-2010 03:14 AM - edited 03-11-2019 11:10 AM
Hi, all:
My config is like this:
Class Map match-all 1 (id 3)
  Match protocol dns
Class Map match-all 2 (id 4)
  Match protocol http host "*cisco.com*"
Class Map match-all 3 (id 5)
  Match not class-map 1
  Match not class-map 2
Policy Map 1
  Class 1
  Class 2
  Class 3
    drop
I want to deny all web access except to cisco.com.
If I do not use the "drop" command in class 3, I can see packet match stats in class 2 when I use the command "show policy-map interface"; but if I use the "drop" command in class 3, all HTTP packets will be dropped, I can't access cisco.com, and there is any packets match stats in class 2, but class 1 and class 3's match stats grow correctly. I tried some other ways for class 3, like:
class 3
  match class class-default
or
class 3
  match any
or
class 3
  match access-group xxx
but all fail; the router drops all HTTP packets as long as the "drop" command is used in class 3.
Please help me, thx.
07-12-2010 06:03 AM
Hello,
If you are looking to block all web access except the cisco.com site, then you need to use REGEX. Here is a document that could be helpful.
https://supportforums.cisco.com/docs/DOC-1268;jsessionid=04C0678692F3EDA69D5921326AEC1195.node0
Hope this helps.
Regards.
NT
07-12-2010 06:21 AM
Thx very much!
But my equipment is a 2921 router, not a firewall, and it has only the IP Base IOS, so I must use QoS only to do this. :(