From: Ken.Farrington@barclayscapital.com
Date: Tue Oct 07 2003 - 17:05:24 GMT-3
absolutely brill!
just to show you
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int e0/0
R2(config-if)# service-policy output cisco
CEF or distributed CEF switching is required for NBAR 'match protocol' command
R2(config-if)#
R2(config-if)#
Many many thx indeed to you both and Leah :))
beer - den bed!
nite nite :)
-----Original Message-----
From: Kenneth Wygand [mailto:KWygand@customonline.com]
Sent: 07 October 2003 20:51
To: Ken.Farrington@barclayscapital.com; adiment@qwest.com;
ccielab@groupstudy.com
Subject: RE: Is this NBAR? Is it not?
Ken,
That's it! You've got it! "Network Based Application Recognition". It
simply uses PDLMs (Protocol Description Language Modules) to match the
type of packet at the application level. It's sort of like a
signature-based antivirus solution - all files are scanned for known
viruses as they are passed through - well, here they are scanned for
classification purposes.
Enjoy the rest of your day :)
Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
Custom Computer Specialists, Inc.
"In order to understand how a router will handle a particular situation,
you first must 'be' the router."
-Anonymous
-----Original Message-----
From: Ken.Farrington@barclayscapital.com
[mailto:Ken.Farrington@barclayscapital.com]
Sent: Tuesday, October 07, 2003 3:34 PM
To: Kenneth Wygand; adiment@qwest.com;
Ken.Farrington@barclayscapital.com; ccielab@groupstudy.com
Subject: RE: Is this NBAR? Is it not?
So, NBAR is not a suite of commands, it's purely used to classify traffic
under a class-map. This is what I was really getting at.
Can you confirm this point for me please, as I am going mad today :)
-----Original Message-----
From: Kenneth Wygand [mailto:KWygand@customonline.com]
Sent: 07 October 2003 20:17
To: Diment, Andrew; Ken.Farrington@barclayscapital.com;
ccielab@groupstudy.com
Subject: RE: Is this NBAR? Is it not?
Yes, Andrew is correct. You can even match "protocols" (using the term
loosely here) like KaZaa or Instant Messaging programs - this way, if a
sly user attempts to get around your puny ACL by changing the TCP or UDP
ports used to connect (or even how some applications set themselves up
by default, like AOL Instant Messenger), no matter what ports the user
selects, the packets are identified by a signature to be a KaZaa or AIM
packet and can be treated accordingly as per company policy.
My only concern is the overhead used to do such evaluation - does anyone
have any experience (good or bad) with using NBAR and how it affects a
"not-so-beefy" routing device?
Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
Custom Computer Specialists, Inc.
"In order to understand how a router will handle a particular situation,
you first must 'be' the router."
-Anonymous
-----Original Message-----
From: Diment, Andrew [mailto:adiment@qwest.com]
Sent: Tuesday, October 07, 2003 3:11 PM
To: Ken.Farrington@barclayscapital.com; ccielab@groupstudy.com
Subject: RE: Is this NBAR? Is it not?
NBAR is a very powerful command. If you want to prioritize SQL traffic,
for instance, you don't need to know the source and destination
addresses, you can prioritize it because it's SQL. You might be NATing
and not know the info you would usually use. For the url part, you
could do url "www.cisco.com" and prioritize only traffic from cisco's
website, not all websites.
-----Original Message-----
From: Ken.Farrington@barclayscapital.com
[mailto:Ken.Farrington@barclayscapital.com]
Sent: Tuesday, October 07, 2003 1:57 PM
To: ccielab@groupstudy.com
Subject: Is this NBAR? Is it not?
Guys, it's been a day of QoS so by now, I just wanna permit IP any any :)
NBAR? What is it? Is it just the fact that now you can use this command
(and others for MIME etc. etc.) under a class map?
match protocol http url "/exec/show/interface/*" and a shed load of other
protocols/commands under the class-map for further in-depth
classification?
Is that the strength of it? Just added protocols under this command, so you
can look further into the packet?
YOU DON'T NEED ANY NBAR COMMANDS, do you? I know you need CEF running.
Please could you be so kind as to advise?
!
class-map match-all http_interface
 match protocol http url "/exec/show/interface/*"
class-map match-all http_log
 match protocol http url "/exec/show/log/*"
!
!
policy-map cisco
 class http_interface
  set ip precedence 5
 class http_log
  set ip precedence 1
!
interface Ethernet0/0
 ip address 2.2.2.2 255.255.255.0
 service-policy output cisco
!
------------------------------------------------------------------------
For more information about Barclays Capital, please
visit our web site at http://www.barcap.com.
Internet communications are not secure and therefore the Barclays
Group does not accept legal responsibility for the contents of this
message. Although the Barclays Group operates anti-virus programmes,
it does not accept responsibility for any damage whatsoever that is
caused by viruses being passed. Any views or opinions presented are
solely those of the author and do not necessarily represent those of the
Barclays Group. Replies to this email may be monitored by the Barclays
Group for operational or business reasons.
------------------------------------------------------------------------
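As an added example (not posted by anyone in this thread), here is Ken's configuration from the message above with the one prerequisite the router complained about when the service-policy was applied: CEF switching enabled globally with `ip cef`. The class-maps, policy-map, interface and address are taken from the thread; the extra `p2p` class is an assumption added to illustrate Kenneth's point about matching an application such as KaZaa by signature rather than by port, and it assumes the IOS image carries (or has loaded) a PDLM for that protocol.

```cisco
! Added example, not the thread's own configuration.
! CEF is a prerequisite for NBAR 'match protocol'; without it the
! 'service-policy output cisco' line in the thread is rejected.
ip cef
!
! Classification by URL inside HTTP, as posted in the thread.
class-map match-all http_interface
 match protocol http url "/exec/show/interface/*"
class-map match-all http_log
 match protocol http url "/exec/show/log/*"
!
! Assumed extra class: a P2P application recognised by its NBAR
! signature, so a user changing the client's port does not escape it.
class-map match-any p2p
 match protocol kazaa2
!
policy-map cisco
 class http_interface
  set ip precedence 5
 class http_log
  set ip precedence 1
 ! Assumed handling for the P2P class: rate-limit rather than
 ! silently trust whatever port it arrives on.
 class p2p
  police 8000 conform-action transmit exceed-action drop
!
interface Ethernet0/0
 ip address 2.2.2.2 255.255.255.0
 service-policy output cisco
!
```

After applying this, `show policy-map interface Ethernet0/0` shows per-class packet and byte counters, which is the quickest way to confirm that traffic is actually landing in the intended class rather than falling through to class-default. Two caveats worth keeping in mind when relying on NBAR as a control: matching on URL or application signatures requires visibility into the payload, so encrypted traffic cannot be classified this way, and, as Kenneth asks in the thread, the per-packet inspection is CPU work on the forwarding path, so watch router CPU after enabling it on a lightly built platform.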
This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:58 GMT-3