Re: NBAR Question

From: Nick Griffin (nick.jon.griffin@gmail.com)
Date: Thu Nov 30 2006 - 00:58:00 ART

• Next message: Kal Han: "VPN3K - Authentication"
• Previous message: sabrina pittarel: "Re: Mistakes"
• Maybe in reply to: Lab Rat #109385382: "NBAR Question"
• Next in thread: Vincent Mashburn: "RE: NBAR Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On 11/29/06, Nick Griffin <nick.jon.griffin@gmail.com> wrote:
>
> I've noticed the first time you configure a class map that matches on nbar
> protocol information, the router chugs the same way that it does when
> enabling protocol discovery on an interface. When you match on protocol, IOS
> appears to be smart enough to enable discovery where's it's needed. Now what
> I don't know is if there's a debug to verify this. It would be nice if there
> was a debug for it like autoqos. :)
>
> This might be something:
>
> R6#sh ip nbar resources
> % Error: NBAR has not been activated
>
> R6#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> R6(config)#class-map KLUDGE
> R6(config-cmap)#mat
> R6(config-cmap)#match pr
> R6(config-cmap)#match pro
> R6(config-cmap)#match protocol http
> R6(config-cmap)#
> R6(config-cmap)# <------------CHUG, CLI Delay
> R6#sh ip nbar resources
>
> NBAR memory usage for tracking Stateful sessions
> Max-age : 120 secs
> Initial memory : 4790 KBytes
> Max initial memory : 15969 KBytes
> Memory expansion : 68 KBytes
> Max memory expansion : 68 KBytes
> Memory in use : 4790 KBytes
> Max memory allowed : 31939 KBytes
> Active links : 0
> Total links : 70454
>
>
> FWIW
>
> Nick Griffin
>
>
> On 11/29/06, Iamgoingtobeaccie Iamgoingtobeaccie <
> heyiamgoingtobeaccie@yahoo.co.in> wrote:
> >
> > Awaiting confirmation from other guys too.I know its easy to find this
> > in doc cd and other stuffs.Infact I did check the doc CD before even
> > writing my first mail.
> >
> > But I am really confused after few guys(who have the CCIE numbers
> > already) told that 'ip nbar protocol-discovery' is a mandatory command to
> > enable NBAR.I could not see this info in any of the docs.
> >
> > Advanced thanks
> >
> > serdar kut <kutserdar@gmail.com> wrote: as much as I know no it is not a
> > necessary for nbar to enable protocol discovery on interface...but cef is a
> > mandatory for all app. of nbar...
> > protocol discovery on interface may be a good accounting question :)
> >
> > Serdar
> >
> > On 11/28/06, Iamgoingtobeaccie Iamgoingtobeaccie <heyiamgoingtobeaccie@yahoo.co.in
> > > wrote: I had a look at the CCO before writing to the GS.I assumed that
> > NBAR protocol discovery is just for displaying the traffic statistics for
> > different applications.That is what I wanted to confirm here.
> >
> > thanks
> >
> > "Schulz, Dave" <DSchulz@dpsciences.com> wrote: It is not necessary to
> > enable the protocol discovery in order to
> > configure the NBAR. However, you will want to read the docCD thoroughly
> >
> > on the discovery and understand when it is needed. Hope this helps.
> >
> > Dave Schulz,
> > Email: dschulz@dpsciences.com
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Iamgoingtobeaccie Iamgoingtobeaccie
> > Sent: Monday, November 27, 2006 11:57 PM
> > To: ccielab@groupstudy.com
> > Subject: Re: NBAR Question
> >
> > One question which I have seen with a workbook was
> >
> > 1)classify HTTP without enabling CEF.As NBAR needs CEF,you are forced
> > to
> > use the second method you mentioned.
> >
> > Just adding my Query here..
> >
> > Is enabling protocol discovery (ip nbar protocol-discovery) on the
> > interface mandatory to configure NBAR?
> >
> > thanks
> >
> >
> > Lab Rat #109385382 wrote: If I was asked to match
> > HTTP traffic (to later be police'd), is there any
> > difference between doing the following:
> >
> >
> >
> > class-map HTTP
> > match protocol http
> >
> >
> >
> > with doing the following:
> >
> >
> >
> > access-list 100 permit tcp any any eq www
> > class-map HTTP
> > match access-group 100
> >
> >
> >
> > I've seen it done both ways, and I just want to know if there are any
> > distinct functional differences between the two methods.
> >
> > Thanks,
> >
> > Ed
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> > ---------------------------------
> > Find out what India is talking about on - Yahoo! Answers India
> > Send FREE SMS to your friend's mobile from Yahoo! Messenger Version 8.
> > Get it NOW
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> > ---------------------------------
> > Find out what India is talking about on - Yahoo! Answers India
> > Send FREE SMS to your friend's mobile from Yahoo! Messenger Version 8.
> > Get it NOW
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> > ---------------------------------
> > Find out what India is talking about on - Yahoo! Answers India
> > Send FREE SMS to your friend's mobile from Yahoo! Messenger Version 8.
> > Get it NOW
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Kal Han: "VPN3K - Authentication"
• Previous message: sabrina pittarel: "Re: Mistakes"
• Maybe in reply to: Lab Rat #109385382: "NBAR Question"
• Next in thread: Vincent Mashburn: "RE: NBAR Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:49 ART