Re: Code Red blocking using NBAR possible on Cat6506 ?

iwan2u · ‎12-10-2001

I have cat6506 with Supervisor Engine I, PFC I, MSFC I.

I configured CodeRed blocking using NBAR on vlan interface.

(class-map, policy-map, route-map)

but i found in Cisco website that cat6000 doesn't support NBAR.

what does it mean that Not support NBAR ?

is it mean that cat6000 can't recognize class-map? or can't recognize http? or tcp port number?

plz let me know...

and i'm sorry about my poor english. ^_^

bsivasub · ‎12-10-2001

NBAR is not supported on vlan interfaces and is supported on flexwan only since 12.1.6E1. NBAR may be supported in MSFC software in future.

when it says that it is not supported, it means that NBAR features is not officially supported on vlan interfaces and your use is not supported by TAC and any issues you may have would also not be supported.

Once we develop/test the feature in our lab and find that it is working as expected, we would officially announce it and then you can get support from TAC.

Using unsupported features is not recommended.

iwan2u · ‎12-10-2001

thanks for ur answer ^^

but i still have some questions.

I can't understand that answer "officially unsupported" exactly.

Did u mean that cat6506 cann't operate with NBAR ?

otherwise it operates with NBAR but not good ?

and does it reduce switching performance to use NBAR on cat6506 ?

bsivasub · ‎12-10-2001

NBAR feature is not implemented with 6500 hardware features in particular and unless we change it to work with 6500 hardware, we don't support it.

I don't personally know what are the side-effects of using this or any other unsupported features as there is no documentation for it nor has it been tested for interaction with any feature. That is why it is an unsupported feature.

I don't recommend using an untested feature.