A Networker Blog

How to use the DROP Statement in MQC

Posted in Cisco, QOS, Security by vcappuccio on 21/10/2007

R1 --- R4 (f0/0) --- SW1 (web server)

Sw1#deb ip http all
Sw1#
rack5>1
[Resuming connection 1 to R1 ... ]
copy http://10.10.7.7/run.html null0
Destination filename [null0]?
rack5>7
[Resuming connection 7 to sw1 ... ]

Sw1#
rack5>1
[Resuming connection 1 to R1 ... ]

Loading http://10.10.7.7/run.html !
%Error copying http://10.10.7.7/run.html (Not enough space on device)
R1#
R1#
rack5>7
[Resuming connection 7 to sw1 ... ]

1d22h: Tue, 02 Mar 1993 22:31:36 GMT 10.10.123.1 /run.html ok
Protocol = HTTP/1.1 Method = GET
1d22h: Date = Wed, 06 Jun 2007 23:35:10 GMT

Sw1#
Sw1#
rack5>4
[Resuming connection 4 to R4 ... ]

R4#show policy-map inter
FastEthernet0/0

Service-policy input: PMPOLICY

Class-map: PICTURES (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: protocol http url "*.jpeg|*.jpg|*.gif"
Match: access-group 101
Match: protocol http host "10.10.7.7"
drop

Class-map: WEBSERVER (match-all)
8 packets, 3362 bytes
30 second offered rate 1000 bps, drop rate 0 bps
Match: protocol http host "10.10.7.7"
police:
cir 640000 bps, bc 20000 bytes
conformed 8 packets, 3362 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 1000 bps, exceed 0 bps

Class-map: class-default (match-any)
717 packets, 64081 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
R4#

rack5>7
[Resuming connection 7 to sw1 ... ]

Sw1#

!now we have some fake information in the flash of this stuff

Sw1#copy running-config flash:ima.gif
Destination filename [ima.gif]?

2689 bytes copied in 1.225 secs (2195 bytes/sec)
Sw1#copy running-config flash:ima.jpeg
Destination filename [ima.jpeg]?

2689 bytes copied in 0.646 secs (4163 bytes/sec)
Sw1#copy running-config flash:ima.jpg
Destination filename [ima.jpg]?

2689 bytes copied in 0.638 secs (4215 bytes/sec)
Sw1#show flash

Directory of flash:/

2 -rwx 7963038 Mar 1 1993 02:57:02 +00:00
c3560-advipservicesk9-mz.122-25.SEE2.bin
3 -rwx 1442 Mar 1 1993 01:06:10 +00:00 run.jpg
4 -rwx 864 Mar 1 1993 00:09:21 +00:00 test
5 -rwx 1096 Mar 1 1993 22:16:15 +00:00 vlan.dat
6 -rwx 24 Mar 2 1993 05:45:09 +00:00 private-config.text
7 -rwx 2679 Mar 2 1993 22:02:58 +00:00 run.html
8 -rwx 2135 Mar 2 1993 05:45:09 +00:00 config.text
9 -rwx 2689 Mar 2 1993 22:32:43 +00:00 ima.gif
10 -rwx 2689 Mar 2 1993 22:32:49 +00:00 ima.jpeg
11 -rwx 2689 Mar 2 1993 22:32:53 +00:00 ima.jpg

!Yeah

32514048 bytes total (24529920 bytes free)
Sw1#
rack5>1
[Resuming connection 1 to R1 ... ]

R1#copy http://10.10.7.7/ima.gif null0
Destination filename [null0]?
Loading http://10.10.7.7/ima.gif !
%Error copying http://10.10.7.7/ima.gif (Not enough space on device)
R1#
rack5>4
[Resuming connection 4 to R4 ... ]

R4#show policy-map inter
FastEthernet0/0

Service-policy input: PMPOLICY

Class-map: PICTURES (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: protocol http url "*.jpeg|*.jpg|*.gif"
Match: access-group 101
Match: protocol http host "10.10.7.7"
drop

Class-map: WEBSERVER (match-all)
12 packets, 4904 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: protocol http host "10.10.7.7"
police:
cir 640000 bps, bc 20000 bytes
conformed 12 packets, 4904 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps

R4#show run | in access-list 101
access-list 101 permit tcp host 10.7.7.7 eq www host 150.1.1.1
access-list 101 permit tcp host 10.10.67.7 eq www host 150.1.1.1
access-list 101 permit tcp host 10.7.7.7 eq www any
access-list 101 permit tcp host 10.10.67.7 eq www any
R4# !Stupid Router!
R4#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#no access-list 101
R4(config)#
R4(config)#access-list 101 permit tcp host 10.10.7.7 eq www host 150.1.1.1
R4(config)#access-list 101 permit tcp host 10.10.67.7 eq www host 150.1.1.1
R4(config)#access-list 101 permit tcp host 10.10.7.7 eq www any
R4(config)#access-list 101 permit tcp host 10.10.67.7 eq www any
R4(config)#^Z
R4#
rack5>1
[Resuming connection 1 to R1 ... ]

R1#copy http://10.10.7.7/ima.gif null0
Destination filename [null0]?

rack5>4
[Resuming connection 4 to R4 ... ]

R4#show policu
R4#show policy
R4#show policy-map inter f0/0
FastEthernet0/0

Service-policy input: PMPOLICY

Class-map: PICTURES (match-all)
4 packets, 1243 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: protocol http url "*.jpeg|*.jpg|*.gif"
Match: access-group 101
Match: protocol http host "10.10.7.7"
drop

Class-map: WEBSERVER (match-all)
12 packets, 4904 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: protocol http host "10.10.7.7"
police:
cir 640000 bps, bc 20000 bytes
conformed 12 packets, 4904 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps

Class-map: class-default (match-any)
803 packets, 70341 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
R4#
rack5>1
[Resuming connection 1 to R1 ... ]
Loading http://10.10.7.7/ima.gif
rack5>!! We still have nothing
[Resuming connection 1 to R1 ... ]
!
%Error reading http://10.10.7.7/ima.gif (Broken pipe)
R1#
R1#
R1#
R1#
R1#
R1#
R1#
R1#
rack5>4
[Resuming connection 4 to R4 ... ]

R4#
R4#show policy-map inter f0/0 ?
input Input policy
output Output policy
| Output modifiers
<cr>

R4#show policy-map inter f0/0
FastEthernet0/0

Service-policy input: PMPOLICY

Class-map: PICTURES (match-all)
8 packets, 3384 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: protocol http url "*.jpeg|*.jpg|*.gif"
Match: access-group 101
Match: protocol http host "10.10.7.7"
drop

Class-map: WEBSERVER (match-all)
12 packets, 4904 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: protocol http host "10.10.7.7"
police:
cir 640000 bps, bc 20000 bytes
conformed 12 packets, 4904 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps

Class-map: class-default (match-any)
825 packets, 71957 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any

R4#show policy-map inter f0/0
FastEthernet0/0

Service-policy input: PMPOLICY

Class-map: PICTURES (match-all)
8 packets, 3384 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: protocol http url "*.jpeg|*.jpg|*.gif"
Match: access-group 101
Match: protocol http host "10.10.7.7"
drop

Class-map: WEBSERVER (match-all)
12 packets, 4904 bytes !!!!SOME HERE
30 second offered rate 0 bps, drop rate 0 bps
Match: protocol http host "10.10.7.7"
police:
cir 640000 bps, bc 20000 bytes
conformed 12 packets, 4904 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps

Class-map: class-default (match-any)
825 packets, 71957 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
R4#show run policy-map
Building configuration...

Current configuration : 88 bytes
!
policy-map PMPOLICY
class PICTURES
drop
class WEBSERVER
police 640000
!
end

R4#show run class-map
Building configuration...

Current configuration : 215 bytes
!
class-map match-all PICTURES
match protocol http url "*.jpeg|*.jpg|*.gif"
match access-group 101
match protocol http host "10.10.7.7"
class-map match-all WEBSERVER
match protocol http host "10.10.7.7"
!
end

R4#show run int f0/0
Building configuration...

Current configuration : 236 bytes
!
interface FastEthernet0/0
ip address 10.10.34.4 255.255.255.0
ip access-group 102 in
ip pim sparse-dense-mode
no ip route-cache cef
no ip route-cache
load-interval 30
duplex auto
speed auto
service-policy input PMPOLICY
end
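
The check this session performs by hand (re-running `show policy-map interface` after a test fetch and watching whether the PICTURES counter moves), as an added example that is not part of the original post. It parses two captures and lists the drop classes whose packet counter did not change; the sample captures are abridged from the output above, and the function names are this example's own.

```python
import re

# Abridged from the `show policy-map interface` captures on this page.
# Indentation was lost in the post, so the parser does not rely on it.
BEFORE = """\
Service-policy input: PMPOLICY
Class-map: PICTURES (match-all)
0 packets, 0 bytes
Match: protocol http url "*.jpeg|*.jpg|*.gif"
Match: access-group 101
drop
Class-map: WEBSERVER (match-all)
12 packets, 4904 bytes
police:
cir 640000 bps, bc 20000 bytes
conformed 12 packets, 4904 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
"""
# Same capture after ACL 101 was corrected: PICTURES starts counting.
AFTER = BEFORE.replace("0 packets, 0 bytes", "4 packets, 1243 bytes", 1)

CLASS_RE = re.compile(r"Class-map:\s+(\S+)\s+\(match-(?:all|any)\)")
COUNT_RE = re.compile(r"(\d+) packets, (\d+) bytes")

def parse_classes(text):
    """Return {class: {"packets": int, "drop": bool}} for one capture."""
    classes, cur, prev = {}, None, ""
    for line in (l.strip() for l in text.splitlines()):
        m = CLASS_RE.match(line)
        if m:
            cur = classes.setdefault(m.group(1), {"packets": None, "drop": False})
        elif cur is not None:
            c = COUNT_RE.match(line)
            if c and cur["packets"] is None:  # first counter line = class total
                cur["packets"] = int(c.group(1))
            # a bare "drop" is the class action unless it follows a police
            # "...; actions:" line, where it is the exceed action instead
            elif line == "drop" and not prev.endswith("actions:"):
                cur["drop"] = True
        prev = line
    return classes

def silent_drop_classes(before, after):
    """Drop classes whose packet counter did not move between two captures."""
    b, a = parse_classes(before), parse_classes(after)
    return sorted(n for n, c in a.items()
                  if c["drop"] and c["packets"] == b.get(n, {}).get("packets"))
```

A drop class that stays in the returned list after a test fetch is not matching the traffic it was written for, which is what the mistyped host in access-list 101 caused here.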
