Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
670
Views
5
Helpful
4
Replies

Filtering Application Layer 7 Traffic with 6509

NPT_2
Level 2
Level 2

‎12-12-2003 08:53 AM - edited ‎03-02-2019 12:19 PM

I would like to know what would be required to filter application layer traffic on a 6509 Switch. What I would like to be able to do is filter layer 7 traffic such as audio streams or other content that go over port 80. Is there a way to do this with any module such as a Content Switching Module or a Nework Analysis Module? Or could this be possible to do just in the 6509 IOS? We have a Sup1A with PFC1 and MSFC1. What do you think?

Labels:
0 Helpful
4 Replies 4

Georg Pauwen
VIP
VIP

‎12-13-2003 02:00 AM

Hello,

you could use NBAR (Network Based Application Recognition), which is an IOS feature and which is supported on the 6509 with SUP1A/MFSC1.

Basically what you do is you define a traffic policy for the traffic you want to filter and you apply rules to that traffic. Let´s say you want to filter all ICA/CITRIX traffic and apply a specific precedence to that protocol, effectively prioritizing

that traffic over other traffic, this what you would do:

6509(config)# class-map ICA

6509(config-cmap)# match protocol ica

!

6509(config)# policy-map CITRIX

6509(config-pmap)# class ICA

6509(config-pmap-c)# set ip precedence 5

!

6509(config)# interface fastethernet 0/1

6509(config-if)# service-policy output CITRIX

Check out this link for detailed information on how NBAR works:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm#1020763

HTH,

Georg

NPT_2
Level 2
Level 2
In response to Georg Pauwen

‎12-18-2003 01:14 PM

Unfortunately I just found out unless you have a flexiwan module NBAR is only supported with a MSFC2 Minimum, so unfortunately I cannot run NBAR. It is even listed in that link provided.

0 Helpful

rwcrowe
Level 1
Level 1
In response to NPT_2

‎12-19-2003 09:50 AM

An easier way to filter port 80 traffic is to use a product such as Websense. It integrates with almost every major firewall out there.

0 Helpful

NPT_2
Level 2
Level 2
In response to rwcrowe

‎12-19-2003 10:44 AM

We are using websense, the only issue with that is that in order to do filtering other than http traffic on port 80 you have to span all your internet traffic to the websense server which I prefer not to have to do.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card