01-15-2012 02:29 PM - edited 03-04-2019 02:54 PM
Hi Guys,
I am configuring a qos policy and creating access-list to match protocols. Question I have is whether I need to enable ip nbar-protocol discovery to match protocols in access-list ?
class-map match-any Interactive
match protocol citrix
match protocol telnet
Tks
01-15-2012 04:37 PM
Hello,
To my best knowledge, it is not necessary to configure the ip nbar protocol-discovery command in order to use match protocol clauses in class-map constructs. The ip nbar protocol-discovery causes the router to start making statistical breakdowns of various protocols passing through a particular interface. However, it has been my experience that this command was not necessary for protocol-based class-maps.
Best regards,
Peter
01-15-2012 04:53 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Peter is correct.
For the original poster, later versions of NBAR can also determine the subtype of later Citrix protocol packets. This will allow you to distinguish the "screen scraping" packets from printing or disk copying packets. The latter two sub types you probably don't want to include as interactive traffic. (NB: for earlier NBAR versions that don't recognize Citrix packet subtypes, I recall there was a Citrix PDLM that did, but I'm not positive.)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide