From: Jody Davis \(joddavis\) (joddavis@cisco.com)
Date: Sun Jul 17 2005 - 15:10:58 GMT-3
No.
If you are using NBAR for class matching, you just need to make
sure that ip cef is enabled globally. The "ip nbar protocol-discovery"
is a discovery mechanism to see which traffic is flowing on an
interface.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/
fqos_c/fqcprt1/qcfnbar.htm#72654
Jody
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
k c
Sent: Sunday, July 17, 2005 7:00 AM
To: ccielab@groupstudy.com
Subject: NBAR Config
Hi Group,
Is it necessary to type "ip nbar protocol-discovery" on the interface
applied policy-map? I have seen many examples that they don't need this
command.
class-map match-any http-worm
match protocol http url "*cmd.exe*"
!
policy-map mark-http-worm
class http-worm
set ip dscp 1
interface Ethernet1/1
ip address 10.1.2.2 255.255.255.0
service-policy input mark-http-worm
8g;if8,h)&d;6e01/d;%3ie<5g
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3