Go CCIE Go!! - A Cisco Certified Internetwork Expert

*Yes Gaurav,
That’s the destination port that you are using to match the traffic specifically.
you can use the “#show ip nbar port-map” to see the mappings that are in there by default and that have been added by you.
Thanks, Dara * On Tue, Jul 29, 2008 at 1:41 PM, GAURAV MADAN wrote:
> Hi Marvin > > Thnx for the explaination . > My bad .. I didnt figured out the 01 and 10 stuff .. > > Does the port number included in CLI (UDP port no ) .. dest. port number ? > > Gaurav Madan. > > On Tue, Jul 29, 2008 at 1:23 PM, Marvin Greenlee > wrote: > > The router will complete an unfinished command. > > > > “ip nbar port-map custom-1″ > > Completes to > > “ip nbar port-map custom-10″ > > > > If you want to use the custom 1, you need to specify “ip nbar port-map > > custom-01″, not “custom-1″. I think that missing the zero is causing > your > > problem. > > > > Regarding class-maps, it will allow you to match any that you have > defined. > > If 10 is the only one that you have defined, that is all that will show > up > > for “match protocol”. > > > > Router(config)#do show ip nbar port-map | i custom > > port-map custom-01 udp 12345 > > port-map custom-02 udp 1333 > > port-map custom-10 udp 12344 > > Router(config)#class-map test > > Router(config-cmap)#match prot cust? > > custom-01 custom-02 custom-10 > > > > > > Marvin Greenlee, CCIE #12237 (R&S, SP, Sec) > > Senior Technical Instructor - IPexpert, Inc. > > Telephone: +1.810.326.1444 > > Fax: +1.810.454.0130 > > Mailto: mgreenlee@ipexpert.com > > > > Progress or excuses, which one are you making? > > > > > > > > —–Original Message—– > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of > > GAURAV MADAN > > Sent: Tuesday, July 29, 2008 2:57 AM > > To: Cisco certification > > Subject: IP NBAR port-map > > > > HI Group > > > > I wanted a small clearification : > > > > If my requirement says ” i have to deny upd packets going tp dest port > > 1434 ” and i am not supposed to use the ACL for it . > > > > I plan to do this as : > > > > Rack1R5(config)#do sh run | inc ip nb > > ip nbar port-map custom-10 udp 1434 > > > > Then I will match this in class-map ” match protocol custom-10 ” and > > finally drop in policy-map . > > > > Am I correct in my approach ? > > > > Question > > *********** > > 1) Is this udp port number that i specify ; the dest port number ? > > 2) When I give : > > > > Rack1R5(config)#ip nbar port-map ? > > > > custom-01 Custom protocol custom-01 > > custom-02 Custom protocol custom-02 > > custom-03 Custom protocol custom-03 > > custom-04 Custom protocol custom-04 > > custom-05 Custom protocol custom-05 > > custom-06 Custom protocol custom-06 > > custom-07 Custom protocol custom-07 > > custom-08 Custom protocol custom-08 > > custom-09 Custom protocol custom-09 > > custom-10 Custom protocol custom-10 > > > > Whatever I choose ; I get that configured as custom-10 > > > > Rack1R5(config)#ip nbar port-map custom-1 udp 1001 > > Rack1R5(config)#do sh run | inc ip nbar > > ip nbar port-map custom-10 udp 1001 > > > > 3) Also ; I find only “custom-10″ as only option in match protocol …. > > > > If I have to do this for multiple ports ( i know i can match upto 16 > > in one custom itself ) then do we have some other options ? > > > > Thnx in advance > > Gaurav Madan. > > > > > > Blogs and organic groups at http://www.ccie.net > > > > _______________________________________________________________________ > > Subscription information may be found at: > > http://www.groupstudy.com/list/CCIELab.html > > > Blogs and organic groups at http://www.ccie.net > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net