Re: NBAR Question

From: Iamgoingtobeaccie
Date: Thu Nov 30 2006 - 00:27:56 ART

• Next message: sabrina pittarel: "Re: Failed the 4th try"
• Previous message: Richard Braga: "How to name networks in the show ip route."
• Maybe in reply to: Lab Rat #109385382: "NBAR Question"
• Next in thread: Nick Griffin: "Re: NBAR Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Awaiting confirmation from other guys too.I know its easy to find this in doc cd and other stuffs.Infact I did check the doc CD before even writing my first mail.

But I am really confused after few guys(who have the CCIE numbers already) told that 'ip nbar protocol-discovery' is a mandatory command to enable NBAR.I could not see this info in any of the docs.

Advanced thanks

serdar kut <kutserdar@gmail.com> wrote: as much as I know no it is not a necessary for nbar to enable protocol discovery on interface...but cef is a mandatory for all app. of nbar...
  protocol discovery on interface may be a good accounting question :)
 
 Serdar

On 11/28/06, Iamgoingtobeaccie Iamgoingtobeaccie <heyiamgoingtobeaccie@yahoo.co.in> wrote: I had a look at the CCO before writing to the GS.I assumed that NBAR protocol discovery is just for displaying the traffic statistics for different applications.That is what I wanted to confirm here.

thanks

"Schulz, Dave" <DSchulz@dpsciences.com> wrote: It is not necessary to enable the protocol discovery in order to
configure the NBAR. However, you will want to read the docCD thoroughly
on the discovery and understand when it is needed. Hope this helps.

Dave Schulz,
Email: dschulz@dpsciences.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Iamgoingtobeaccie Iamgoingtobeaccie
Sent: Monday, November 27, 2006 11:57 PM
To: ccielab@groupstudy.com
Subject: Re: NBAR Question

One question which I have seen with a workbook was

1)classify HTTP without enabling CEF.As NBAR needs CEF,you are forced to
use the second method you mentioned.

Just adding my Query here..

Is enabling protocol discovery (ip nbar protocol-discovery) on the
interface mandatory to configure NBAR?

thanks

Lab Rat #109385382 wrote: If I was asked to match
HTTP traffic (to later be police'd), is there any
difference between doing the following:

class-map HTTP
  match protocol http

with doing the following:

access-list 100 permit tcp any any eq www
class-map HTTP
  match access-group 100

I've seen it done both ways, and I just want to know if there are any
distinct functional differences between the two methods.

Thanks,

Ed

• Next message: sabrina pittarel: "Re: Failed the 4th try"
• Previous message: Richard Braga: "How to name networks in the show ip route."
• Maybe in reply to: Lab Rat #109385382: "NBAR Question"
• Next in thread: Nick Griffin: "Re: NBAR Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:49 ART