RE: NBAR Question

From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Tue Nov 28 2006 - 02:57:05 ART

• Next message: Xiangling: "Re: NBAR Question"
• Previous message: Schulz, Dave: "DSCP maps in Catalyst"
• Maybe in reply to: Lab Rat #109385382: "NBAR Question"
• Next in thread: Xiangling: "Re: NBAR Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

It is not necessary to enable the protocol discovery in order to
configure the NBAR. However, you will want to read the docCD thoroughly
on the discovery and understand when it is needed. Hope this helps.

Dave Schulz,
Email: dschulz@dpsciences.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Iamgoingtobeaccie Iamgoingtobeaccie
Sent: Monday, November 27, 2006 11:57 PM
To: ccielab@groupstudy.com
Subject: Re: NBAR Question

One question which I have seen with a workbook was

1)classify HTTP without enabling CEF.As NBAR needs CEF,you are forced to
use the second method you mentioned.

Just adding my Query here..

Is enabling protocol discovery (ip nbar protocol-discovery) on the
interface mandatory to configure NBAR?

thanks

Lab Rat #109385382 <techlist01@gmail.com> wrote: If I was asked to match
HTTP traffic (to later be police'd), is there any
difference between doing the following:

class-map HTTP
  match protocol http

with doing the following:

access-list 100 permit tcp any any eq www
class-map HTTP
  match access-group 100

I've seen it done both ways, and I just want to know if there are any
distinct functional differences between the two methods.

Thanks,

Ed

• Next message: Xiangling: "Re: NBAR Question"
• Previous message: Schulz, Dave: "DSCP maps in Catalyst"
• Maybe in reply to: Lab Rat #109385382: "NBAR Question"
• Next in thread: Xiangling: "Re: NBAR Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART