RE: Classifying traffic with/without NBAR from Ryan West on 2009-11-03 (Ccielab archives 11/2009)

From: Ryan West <rwest_at_zyedge.com>
Date: Tue, 3 Nov 2009 16:01:02 -0500

Gavin,

> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Gavin Schokman
> Sent: Tuesday, November 03, 2009 3:55 PM
> To: 'Nathan Richie'; ccielab_at_groupstudy.com
> Subject: RE: Classifying traffic with/without NBAR
>
> Thanks for the quick response.
> Right - so that means to use this match statement, we need to enable
> "ip
> nbar protocol-discovery" on the interfaces in order to kick-off NBAR in
> all
> its glory, correct?
>

No. I thought this as well. You can test by doing http regex matches with and without ip nbar protocol-disovery enabled. You will notice the router loading the NBAR data into memory when you enter the command (e.g. match protocol http). Ip nbar protocol-discovery enables all NBAR related statistics on the associated interface.

-ryan

Blogs and organic groups at http://www.ccie.net
Received on Tue Nov 03 2009 - 16:01:02 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:28 ART