12-10-2013 03:59 PM - edited 03-04-2019 09:49 PM
I'm running an ASR1001 with IOS-XE version 15.1(3)S6.
I don't seem to be able to apply a policy-map to a tunnel interface that running in "tunnel mode ipsec ipv4".
The router gives me the error: Error: NBAR is not supported on Tunnel227.
When I try "ip nbar protocol-discovery" on the tunnel interface, I get the error:
Error: NBAR is not supported on Tunnel227
NBAR 'protocol-discovery' command cannot be turned on this interface because of the following reason:
Unsupported interface type
I tested this on a 2800 series router and it works fine.
I have enabled 'qos pre-classify' on the tunnel interfaces as well as protocol-discovery on the physical interface.
I've found on several documentation sources that state that NBAR is not support on logical interfaces where tunnelling or encryption is used.
My question is, how come it works on the 2800 router with IOS 12.4(14)T1 but it does not work on the ASR1001 router?
12-10-2013 04:07 PM
I did some searching and it looks like some "match protocol" statements may be using nbar. How do I distinguish which "match protocol" statement is using nbar and which one is not?
Vince
01-01-2014 10:05 PM
Hi Vincent,
As per the below Latest document these are the tunnels which are support in these particular IOS. http://www.cisco.com/en/US/docs/ios-xml/ios/qos_nbar/configuration/xe-3s/asr1000/clsfy-traffic-nbar.html In these last couple of year NBAR added support for several tunneled interfaces: XE3.5/3.6 - IPSec tunnel, GRE tunnel, MGRE tunnel, DMVPN, PPP and Tunneled IPv6. XE3.8 - Port-Channel, Multi-Link PPP, Multi-Link Frame Relay, VASI. XE3.11 - GetVPN Please upgrade to that particular IOS based on type of tunnel for your requirement.
Thanks,
Srini.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide