
NBAR question

hollund
Level 1

--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --

If I'm in the wrong forum, please advise. I am trying to see if I have configured NBAR correctly. I want to reduce the bandwidth of a computer on my internal network to 100,000 bits per second. My router is a Cisco 2651. Here is my IOS configuration:

--moderator edit-- router#show run

Building configuration...

Current configuration : 1501 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname --moderator edit-- router

!

enable password XXXXXXXXXXXX

!

ip subnet-zero

!

!

ip name-server --moderator edit-- 10.10.10.12

!

ip audit notify log

ip audit po max-events 100

!

class-map match-all P2P

match source-address mac 0009.5B3B.28BF

!

!

policy-map P2P_Filter

class P2P

police cir 100000

conform-action transmit

exceed-action drop

violate-action drop

!

!

!

!

!

!

!

!

!

fax interface-type fax-mail

mta receive maximum-recipients 0

!

!

!

!

interface ATM0/0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface FastEthernet0/0

description Intranet

ip address 192.168.0.1 255.255.255.0

ip nat inside

no ip mroute-cache

speed auto

half-duplex

service-policy input P2P_Filter

no cdp enable

!

interface Serial0/0

no ip address

no ip mroute-cache

shutdown

!

interface FastEthernet0/1

description Internet

ip address --moderator edit-- 192.168.42.210 255.255.255.248

ip nat outside

no ip mroute-cache

duplex auto

speed auto

no cdp enable

!

ip nat inside source list 1 interface FastEthernet0/1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 --moderator edit-- 192.168.42.209

ip http server

ip pim bidir-enable

!

!

access-list 1 permit 192.168.0.0 0.0.0.255

!

!

call rsvp-sync

!

!

mgcp profile default

!

dial-peer cor custom

!

!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

password XXXXXXX

login

!

!

end

--moderator edit-- router#

Any suggestions are appreciated, thanks!

2 Replies

hollund
Level 1

--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --

I forgot to add the fact that IP CEF is enabled, sorry.

--moderator edit-- router#show run

Building configuration...

Current configuration : 1501 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname --moderator edit-- router

!

enable secret 5 -- moderator edit --

enable password XXXXXXXXXXXX

!

ip subnet-zero

!

!

ip name-server --moderator edit-- 10.10.10.12

!

ip cef

ip audit notify log

ip audit po max-events 100

!

class-map match-all P2P

match source-address mac 0009.5B3B.28BF

!

!

policy-map P2P_Filter

class P2P

police cir 100000

conform-action transmit

exceed-action drop

violate-action drop

!

!

!

!

!

!

!

!

!

fax interface-type fax-mail

mta receive maximum-recipients 0

!

!

!

!

interface ATM0/0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface FastEthernet0/0

description Intranet

ip address 192.168.0.1 255.255.255.0

ip nat inside

no ip mroute-cache

speed auto

half-duplex

service-policy input P2P_Filter

no cdp enable

!

interface Serial0/0

no ip address

no ip mroute-cache

shutdown

!

interface FastEthernet0/1

description Internet

ip address --moderator edit-- 192.168.42.210 255.255.255.248

ip nat outside

no ip mroute-cache

duplex auto

speed auto

no cdp enable

!

ip nat inside source list 1 interface FastEthernet0/1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 --moderator edit-- 192.168.42.209

ip http server

ip pim bidir-enable

!

!

access-list 1 permit 192.168.0.0 0.0.0.255

!

!

call rsvp-sync

!

!

mgcp profile default

!

dial-peer cor custom

!

!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

password XXXXXXX

login

!

!

end

--moderator edit-- router#

f.herrera
Level 1

If your intention is to limit a specific user, it is better to use Committed Access Rate (CAR); the following URL shall give you more information:

http://cco-rtp-1.cisco.com/en/US/customer/tech/tk543/tk545/technologies_tech_note09186a00800a3a25.shtml.

NBAR is more for limiting based on the application.
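
A sketch of the CAR approach suggested in the reply above, applied to the MAC address and interface from the question; this is an added example, not configuration posted by either participant. The rate-limit ACL number 100, the 96000 bps rate (CAR rates are entered in 8 kbps increments, so this is the nearest step below 100,000) and the burst sizes are assumptions.

```cisco
! Added example (not from the thread): CAR policing of one host by source MAC.
! Assumed values: rate-limit ACL 100 (MAC rate-limit ACLs use 100-199),
! 96000 bps average rate, 18000-byte normal burst, 36000-byte extended burst.
access-list rate-limit 100 0009.5B3B.28BF
!
interface FastEthernet0/0
 description Intranet
 ! Remove the MQC policer from the question so only one policer acts on input
 no service-policy input P2P_Filter
 rate-limit input access-group rate-limit 100 96000 18000 36000 conform-action transmit exceed-action drop
!
! Verify that the host is being matched and see conformed/exceeded counters:
! show interfaces FastEthernet0/0 rate-limit
! show access-lists rate-limit 100
```

Matching on source MAC only works on the interface where the host's frames arrive directly, which is why the limit is applied inbound on the LAN side.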
