10-15-2006 10:32 AM - edited 03-03-2019 02:21 PM
How can I check to find out for sure that protocols are being dropped using NBAR?
Here's my NBAR config:
class-map match-all nbar-drop
match protocol sqlserver
match protocol h323
match protocol skinny
match protocol fasttrack
match protocol pptp
match protocol sqlnet
match protocol xwindows
match protocol icmp
match protocol novadigm
!
!
policy-map block
class nbar-drop
drop
interface FastEthernet1/0
service-policy input block
TX
10-15-2006 11:05 AM
try using
int fa1/0
ip nbar protocol-discovery
you'll be able to check which protocols are matching, using
show ip nbar protocol-discovery
vlad
10-15-2006 05:13 PM
Vlad, what you posted are the first steps to enable NBAR on the interface...I have already done all of that.
Anyone else know a command to actually see how many packets NBAR has dropped?
TX
10-15-2006 06:27 PM
I'll have to disagree with you.
You don't need that command to enable NBAR.
Router(config)# class-map sqlnettraffic
Router(config-cmap)# match protocol sqlnet
Router(config)# policy-map sqlsetipprec1
Router(config-pmap)# class sqlnettraffic
Router(config-pmap-c)# set ip precedence 4
Router(config)# interface fastethernet 0/1
Router(config-if)# service-policy output sqlsetipprec1
That is just optional.
"Usage Guidelines
Use the ip nbar protocol-discovery command to configure NBAR to keep traffic statistics for all protocols known to NBAR. Protocol Discovery provides an easy way to discover application protocols traversing an interface so that QoS policies can be developed and applied. The Protocol Discovery feature discovers any protocol traffic supported by NBAR. Protocol Discovery can be used to monitor both input and output traffic and may be applied with or without a service policy enabled. "
"- Enabling Protocol Discovery (optional)
- Configuring a Traffic Class (required)
- Configuring a Traffic Policy (required)
- Attaching a Traffic Policy to an Interface (required)
- Downloading PDLMs (optional)"
vlad
10-15-2006 06:34 PM
If you are dropping all those protocols, just use the statistics from the show discovery, and there's the information you need, isn't it?
Vlad
10-16-2006 12:03 AM
I agree with valdra; here is a sample config of NBAR that will give more clarity, like if we want to give 80% traffic utilization for any HTTP based application.
class-map match-all QOS-HTTPS
match access-group name QOS-HTTPS
!
policy-map QoS-to-rtrname-OUT
class QOS-HTTPS
bandwidth percent 80
!
ip access-list extended QOS-HTTPS
permit tcp any any eq 443
permit tcp any eq 443 any
!
interface Serial1/0
service-policy output QoS-to-rtrname-OUT
Thanks...Mukesh
10-16-2006 12:56 AM
Hi Mukesh,
The above configuration is not using NBAR but just plain QoS.
NBAR recognizes packets by protocol and your match statements should have commands like
match protocol ftp
match protocol telnet
match protocol smtp
I totally agree with VLAD that the discovery command is not required for configuring NBAR.
check the following links
HTH, rate if it does
Narayan
10-16-2006 06:20 AM
Hi Narayan,
See, in my sample config it shows that it's matching the HTTPS traffic through an access-list; that shows it's an NBAR QoS, but it looks like a QoS. This is another way of configuring NBAR. I agree with you that it's basically matching the protocol, so my sample is also matching the HTTP protocol. Correct me if I'm wrong.
Regds...Mukesh
10-16-2006 12:49 AM
Hi,
"show policy-map interface FastEthernet1/0" should give you the amount of packets matched and then dropped.
Regards, Martin
10-16-2006 01:51 AM
I get no drops...
sh policy-map interface
FastEthernet1/0
Service-policy input: block
Class-map: nbar-drop (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol sqlserver
Match: protocol h323
Match: protocol skinny
Match: protocol fasttrack
Match: protocol pptp
Match: protocol sqlnet
Match: protocol xwindows
Match: protocol icmp
drop
Class-map: class-default (match-any)
199705 packets, 222895713 bytes
5 minute offered rate 124000 bps, drop rate 0 bps
Match: any
10-16-2006 01:57 AM
10-16-2006 04:18 AM
Hi,
There is only a little mistake. Class-maps by default are match-ALL. In your case, traffic which is H323 and Skinny and ... at the same time would match ... so no traffic.
Just change your class-map to match-any and you should be fine:
Router#config t
Router(config)# class-map match-any nbar-drop
Hope this helps! Please rate all posts.
Regards, Martin
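Added example (not from this thread or from Cisco): a small Python checker that applies Martin's point, flagging match-all class-maps that list more than one `match protocol` line, and reads the per-class packet counters out of `show policy-map interface` output. Both sample inputs are constructed to mirror the thread; the function names are mine.

```python
import re

# Constructed sample config (match-all class with several protocol matches).
SAMPLE_CONFIG = """\
class-map match-all nbar-drop
 match protocol sqlserver
 match protocol h323
 match protocol icmp
class-map match-any p2p-drop
 match protocol fasttrack
 match protocol edonkey
"""

def parse_class_maps(config):
    """Return {name: (mode, [protocols])}; mode defaults to match-all."""
    class_maps, name = {}, None
    for line in config.splitlines():
        m = re.match(r"class-map(?:\s+(match-all|match-any))?\s+(\S+)$", line.rstrip())
        if m:
            name = m.group(2)
            class_maps[name] = (m.group(1) or "match-all", [])
        elif name and line.startswith(" "):
            p = re.match(r"\s*match protocol\s+(\S+)", line)
            if p:
                class_maps[name][1].append(p.group(1))
        else:
            name = None  # '!' or a top-level command ends the class-map block
    return class_maps

def unmatchable_class_maps(config):
    """A packet is classified as exactly one NBAR protocol, so a match-all
    class with two or more 'match protocol' lines never matches anything."""
    return [n for n, (mode, protos) in parse_class_maps(config).items()
            if mode == "match-all" and len(protos) > 1]

# Constructed excerpt of "show policy-map interface" output.
SAMPLE_SHOW = """\
  Class-map: nbar-drop (match-all)
    0 packets, 0 bytes
    Match: protocol sqlserver
  Class-map: class-default (match-any)
    199705 packets, 222895713 bytes
"""

def class_counters(show_output):
    """{class: (packets, bytes)} from the counter line that directly follows
    each 'Class-map:' header (later lines are per-match counters)."""
    pattern = r"Class-map:\s+(\S+).*?\n\s*(\d+) packets, (\d+) bytes"
    return {c: (int(p), int(b))
            for c, p, b in re.findall(pattern, show_output, re.S)}
```

A class reported by `unmatchable_class_maps` will show `0 packets` in `class_counters` no matter what traffic crosses the interface, which is exactly the symptom in the output above.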
10-16-2006 04:50 PM
OK, I made the changes, now I can see the packet and bytes count...but no drop count.
I also enabled "service-policy output" on int fe1/0 and added http to the class-map, and it worked: I did see the drop count increment.
However, I don't see the drop count for input.
Check out below:
FastEthernet1/0
Service-policy input: nbar
Class-map: block (match-any)
71 packets, 7897 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol sqlserver
4 packets, 264 bytes
5 minute rate 0 bps
Match: protocol h323
1 packets, 60 bytes
5 minute rate 0 bps
Match: protocol skinny
5 packets, 300 bytes
5 minute rate 0 bps
Match: protocol fasttrack
2 packets, 120 bytes
5 minute rate 0 bps
Match: protocol pptp
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol sqlnet
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol xwindows
2 packets, 120 bytes
5 minute rate 0 bps
Match: protocol icmp
43 packets, 5962 bytes
5 minute rate 0 bps
Match: protocol novadigm
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol edonkey
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol winmx
0 packets, 0 bytes
5 minute rate 0 bps
drop
Class-map: class-default (match-any)
37104 packets, 18621469 bytes
5 minute offered rate 1000 bp