Re: NBAR Question

From: Iamgoingtobeaccie
Date: Tue Nov 28 2006 - 01:56:44 ART

• Next message: Dishan Gamage: "Re: Ipv6 over Frame-relay"
• Previous message: Rodrigo Paes: "Re: CCIE Security Lab Seat?"
• Maybe in reply to: Lab Rat #109385382: "NBAR Question"
• Next in thread: Schulz, Dave: "RE: NBAR Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

One question which I have seen with a workbook was

1)classify HTTP without enabling CEF.As NBAR needs CEF,you are forced to use the second method you mentioned.

Just adding my Query here..

Is enabling protocol discovery (ip nbar protocol-discovery) on the interface mandatory to configure NBAR?

thanks

Lab Rat #109385382 <techlist01@gmail.com> wrote: If I was asked to match HTTP traffic (to later be police'd), is there any
difference between doing the following:

class-map HTTP
  match protocol http

with doing the following:

access-list 100 permit tcp any any eq www
class-map HTTP
  match access-group 100

I've seen it done both ways, and I just want to know if there are any
distinct functional differences between the two methods.

Thanks,

Ed

• Next message: Dishan Gamage: "Re: Ipv6 over Frame-relay"
• Previous message: Rodrigo Paes: "Re: CCIE Security Lab Seat?"
• Maybe in reply to: Lab Rat #109385382: "NBAR Question"
• Next in thread: Schulz, Dave: "RE: NBAR Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART