10-15-2007 07:56 AM - edited 03-03-2019 07:10 PM
Hi, I have NBAR protocol discovery running with NetFlow, and it says users are using eDonkey?? But I really think it's Citrix MetaFrame. How can I check what ports NBAR is using, and can they be edited?
This is a Cisco 877 in VPN mode, version 12.4(15)T1 Advanced IP Services.
10-15-2007 09:31 AM
Port numbers for peer-to-peer applications like Kazaa, eDonkey etc. may use any port specified by the user, so it's difficult to block them. You may want to try applying an ACL with the default port numbers to block the traffic.
eDonkey - tcp 4662
Kazaa - tcp 2114
Or use a route-map to deny traffic matched by NBAR as eDonkey / Kazaa.
10-15-2007 09:46 AM
Thing is none of them are using it or have it installed, so I don't understand why NetFlow is reporting it?
10-16-2007 05:32 PM
NBAR, for some protocols, is just a pretty face on a port match. Applications can sometimes use ports normally used for other applications. So, eDonkey traffic may not be such.
See http://www.cisco.com/en/US/products/ps6616/products_qanda_item09186a00800a3ded.shtml for details on NBAR matching.
Unsure about an 877, but on larger routers you can see what ports NBAR is using with "show ip nbar port-map". They can be reassigned using "ip nbar port-map".
10-16-2007 11:48 PM
eDonkey seems to be on TCP port 4662; could a user be dynamically mapped to this port for use with another application?
Also, how do I add another port map to NBAR? I want to add Citrix MetaFrame on port 2598.
Do Cisco bring out updated NBAR port lists?
10-17-2007 12:26 AM
Hi
You can make sure that NBAR isn't classifying the traffic by using the following command:
* show ip nbar unclassified-port-stats
Once verified you can manually add a custom port map with the following command:
* ip nbar port-map citrix tcp 2598
If you have CCO you can download the latest Custom Packet Description Language Module (PDLM) from Cisco software downloads to allow new protocol support for NBAR without the requirement of an IOS release upgrade and router reload.
Regards
Phillip
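The two points made above, that for some protocols NBAR is just a port match and that "ip nbar port-map" adds a custom protocol/port binding, can be seen in a small simulation. This is an added example, not Cisco code and not from any poster; the port-map table and the NetFlow-style flow records are constructed (the eDonkey 4662 and Kazaa 2114 entries are the figures quoted in the thread, the rest are assumptions), and `PortMapClassifier.port_map` stands in for the IOS command, not for the real implementation.

```python
"""Simulate NBAR's port-based classification.

Shows why a flow to TCP/4662 is reported as eDonkey regardless of which
application actually generated it, and how adding a custom port map makes
the Citrix traffic on TCP/2598 show up under its own name instead of as
unclassified.  Constructed example, not Cisco's code or data.
"""
from dataclasses import dataclass

# Constructed default port-map table.  A real router lists its own with
# "show ip nbar port-map"; only the 4662 and 2114 entries come from the thread.
DEFAULT_PORT_MAP = {
    ("tcp", 4662): "edonkey",
    ("tcp", 2114): "kazaa2",
    ("tcp", 80): "http",
}


@dataclass
class Flow:
    """One NetFlow-style record (constructed fields, only what we need)."""
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


class PortMapClassifier:
    """Pure port match: the 'pretty face on a port match' behaviour."""

    def __init__(self, table=None):
        self.table = dict(DEFAULT_PORT_MAP if table is None else table)

    def port_map(self, protocol, proto, *ports):
        """Stand-in for 'ip nbar port-map <protocol> <tcp|udp> <port>...'."""
        for port in ports:
            self.table[(proto, port)] = protocol

    def classify(self, flow):
        # Nothing about the payload is inspected; destination port decides.
        return self.table.get((flow.proto, flow.dport), "unclassified")


def summarize(classifier, flows):
    """Per-protocol byte totals, in the spirit of protocol-discovery counters."""
    totals = {}
    for flow in flows:
        name = classifier.classify(flow)
        totals[name] = totals.get(name, 0) + flow.nbytes
    return totals


# Constructed flows: two Citrix sessions on 2598 (the port asked about in the
# thread) and one client whose traffic happens to land on 4662.
SAMPLE_FLOWS = [
    Flow("10.1.1.10", "192.0.2.5", "tcp", 2598, 50_000),
    Flow("10.1.1.11", "192.0.2.5", "tcp", 2598, 75_000),
    Flow("10.1.1.12", "192.0.2.9", "tcp", 4662, 12_000),
    Flow("10.1.1.13", "198.51.100.7", "tcp", 80, 8_000),
]


def before_and_after(flows=SAMPLE_FLOWS):
    """Return (totals before the custom port map, totals after it)."""
    clf = PortMapClassifier()
    before = summarize(clf, flows)
    clf.port_map("citrix", "tcp", 2598)   # the command Phillip suggests
    after = summarize(clf, flows)
    return before, after


if __name__ == "__main__":
    before, after = before_and_after()
    print("before:", before)   # Citrix bytes sit under 'unclassified'
    print("after: ", after)    # same bytes now reported as 'citrix'
```

The 4662 flow is counted as eDonkey both before and after, which is the point of the earlier reply: a port-based match cannot tell you what application is really on the socket, so the NetFlow/NBAR report should be confirmed against the client before acting on it.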
10-17-2007 01:04 AM
HI, [PLS RATE if HELPS]
Most companies now use NBAR - Network-Based Application Recognition.
Download the PDLM from Cisco to your flash then configure.
ip nbar pdlm flash:bittorrent.pdlm
ip nbar pdlm flash:eDonkey.pdlm
ip nbar pdlm flash:gnutella.pdlm
ip nbar pdlm flash:kazaa2.pdlm
ip nbar pdlm flash:WinMX.pdlm
ip nbar pdlm flash:printer.pdlm
!
class-map match-any nbar-discovery
match protocol gnutella
match protocol kazaa2
match protocol napster
match protocol printer
match protocol http url "*cmd.exe*"
match protocol fasttrack
match protocol novadigm
match protocol edonkey
match protocol bittorrent
!
!
policy-map ip-prec-marked
class nbar-discovery
drop
!
interface Serial0/1
ip nbar protocol-discovery
service-policy input ip-prec-marked
Hope I am INFORMATIVE.
PLS RATE if HELPS
Best Regards,
Guru Prasad R
10-17-2007 01:55 AM
When I do a show flash, the PDLM is not in there. Does this mean I don't have the latest and just the one in the IOS?
My interface is VLAN 1; I take it I'll use this instead of Serial0/1?
What does your config do?
10-17-2007 01:53 AM
You can make sure that NBAR isn't classifying the traffic by using the following command:
* show ip nbar unclassified-port-stats
This is off
I've added ip nbar port-map citrix tcp 2598
I am using the latest IOS for that router do I still need to download the PDLM? My version is 12.4(15)T1?
10-17-2007 02:04 AM
HI, [PLS RATE if HELPS]
Cisco has released several PDLMs for P2P applications.
You will need to download the PDLM that matches your IOS version and add it to your router's flash.
Then, with the configuration posted, you should be able to BLOCK as per requirement.
PLS RATE if HELPS
Best Regards,
Guru Prasad R
10-17-2007 02:15 AM
I don't want to block just monitor.
For the PDLM, there are loads of individual files like edonkey.pdlm, citrix.pdlm, do all these individual files need to be downloaded to the flash and does the router need to be rebooted after?
I'm not sure of the process.
10-17-2007 02:19 AM
HI,
Yes, for each application Cisco has a PDLM available, and you need to download it to the flash to have them blocked.
I don't know whether it requires reboot / not.
For NBAR services the using of PDLM is the best way to Block.
You can check some cisco documents whether it requires reboot / not.
DO RATE ALL HELPFUL POSTS
Best Regards,
Guru Prasad R
10-17-2007 02:26 AM
I can't find the PDLM for my Cisco 877. Aren't the PDLMs for all routers the same??
I don't want to block these apps, just monitor via Netflow.
10-17-2007 04:55 AM
HI,
I know PDLMs are based on IOS versions, but I don't know whether this is router-based.
DO RATE ALL HELPFUL POSTS.
Best Regards,
Guru Prasad R
10-17-2007 05:05 AM
Andy,
Please post the output from executing "show ip nbar protocol-discovery" on the router's CLI.