cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1209
Views
0
Helpful
2
Replies

NBAR on Tunnel interface on ASR1001

vincehgov
Level 1
Level 1

I'm running an ASR1001 with IOS-XE version 15.1(3)S6.

I don't seem to be able to apply a policy-map to a tunnel interface that running in "tunnel mode ipsec ipv4". 

The router gives me the error: Error: NBAR is not supported on Tunnel227.  

When I try "ip nbar protocol-discovery" on the tunnel interface, I get the error:

Error: NBAR is not supported on Tunnel227

NBAR 'protocol-discovery' command cannot be turned on this interface because of the following reason:

Unsupported interface type

I tested this on a 2800 series router and it works fine.

I have enabled 'qos pre-classify' on the tunnel interfaces as well as protocol-discovery on the physical interface. 

I've found on several documentation sources that state that NBAR is not support on logical interfaces where tunnelling or encryption is used.

My question is, how come it works on the 2800 router with IOS 12.4(14)T1 but it does not work on the ASR1001 router?

2 Replies 2

vincehgov
Level 1
Level 1

I did some searching and it looks like some "match protocol" statements may be using nbar.  How do I distinguish which "match protocol" statement is using nbar and which one is not?

Vince

srikeert
Cisco Employee
Cisco Employee
Hi Vincent,

As per the below Latest document these are the tunnels which are support in these particular IOS. http://www.cisco.com/en/US/docs/ios-xml/ios/qos_nbar/configuration/xe-3s/asr1000/clsfy-traffic-nbar.html In these last couple of year NBAR added support for several tunneled interfaces: XE3.5/3.6 - IPSec tunnel, GRE tunnel, MGRE tunnel, DMVPN, PPP and Tunneled IPv6. XE3.8 - Port-Channel, Multi-Link PPP, Multi-Link Frame Relay, VASI. XE3.11 - GetVPN Please upgrade to that particular IOS based on type of  tunnel for your requirement.

Thanks,
Srini.
Review Cisco Networking for a $25 gift card