RE: Classifying traffic with/without NBAR from Nathan Richie on 2009-11-03 (Ccielab archives 11/2009)

From: Nathan Richie <nathanr_at_boice.net>
Date: Tue, 3 Nov 2009 16:07:41 -0500

Ah, something I learned early on.....if my memory serves me correctly, when you entered the "match protocol" command, it enables NBAR. That is why the router seems to not respond instantly the first time you configure this. I am looking in the doc CD right now to either confirm this or deny it.

Experts - can you please either confirm that I am correct or set my thinking straight?

Regards,

Nathan Richie

-----Original Message-----
From: Gavin Schokman [mailto:g_schokman_at_yahoo.com.au]
Sent: Tuesday, November 03, 2009 3:55 PM
To: Nathan Richie; ccielab_at_groupstudy.com
Subject: RE: Classifying traffic with/without NBAR

Thanks for the quick response.
Right - so that means to use this match statement, we need to enable "ip
nbar protocol-discovery" on the interfaces in order to kick-off NBAR in all
its glory, correct?

Cheers,
Gavin

-----Original Message-----
From: Nathan Richie [mailto:nathanr_at_boice.net]
Sent: 03 November 2009 20:49
To: Gavin Schokman; ccielab_at_groupstudy.com
Subject: RE: Classifying traffic with/without NBAR

Anytime you see the "match protocol" command, it is using NBAR. I did a
quick glance in the doc CD and noted that they had it listed in both
sections, however, if you look in the reference guide it states:

match protocol citrix - To configure network-based application recognition
(NBAR) to match Citrix traffic, use the match protocol citrix command in
class-map configuration mode. To disable NBAR from matching Citrix traffic,
use the no form of this command.

match protocol citrix [app application-name-string] [ica-tag
ica-tag-value]

no match protocol citrix [app application-name-string] [ica-tag
ica-tag-value]

HTH,

Nathan Richie

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Gavin Schokman
Sent: Tuesday, November 03, 2009 3:40 PM
To: ccielab_at_groupstudy.com
Subject: Classifying traffic with/without NBAR

Hi all,

Quick one.
I notice that "match protocol citrix" is listed in both "Classifying Network
Traffic" and "Classifying Network Traffic Using NBAR" sections of the QoS
DocCD.
Which one will be used if configured? i.e. does one method take preference
over the other, or does NBAR support remove the non-NBAR method?

Cheers,
Gavin

Blogs and organic groups at http://www.ccie.net
Received on Tue Nov 03 2009 - 16:07:41 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:28 ART