09-27-2021 01:52 AM
What do I need to do to be able to use "match protocol attribute ...." on these two platforms? I use 17.3.3 with Network Advanced and DNA advanced licenses.
vrt-01(config-cmap)#match protocol ?
arp IP ARP
bridge Bridging
cdp Cisco Discovery Protocol
clns ISO CLNS
clns_es ISO CLNS End System
clns_is ISO CLNS Intermediate System
cmns ISO CMNS
compressedtcp Compressed TCP (VJ)
ip IP
ipv6 IPV6
pppoe-discovery PPPoE Discovery packets
vrt-01(config-cmap)#
09-27-2021 05:47 AM - edited 09-27-2021 05:48 AM
Hi Matthias,
Have you verified that the license is active on the switch?
And followed the steps in this guide:
09-27-2021 06:47 AM
Hi, that's the output I get for the licenses. As I have not installed the device myself I'm not sure if it's ok or if I have to do something here:
sh license authorization
Overall status:
Active: PID:C9300-24UX,SN:FOC0000000
Status: NOT INSTALLED
Purchased Licenses:
C9300 24P DNA Advantage (C9300-24 DNA Advantage):
Description: C9300-24P DNA Advantage
Total reserved count: 1
Term information:
Active: PID:C9300-24UX,SN:FOC0000000
License type: TERM
Start Date: 2021-JUL-14 UTC
End Date: 2024-JUL-14 UTC
Term Count: 1
C9300 24P Network Advantage (C9300-24 Network Advantage):
Description: C9300-24P Network Advantage
Total reserved count: 1
Term information:
Active: PID:C9300-24UX,SN:FOC0000000
License type: PERPETUAL
Term Count: 1
To which part of the guide do you refer especially? In my opinion it's more a flow exporter config than QoS. But I have read through the whole QoS config as well with no clear hint showing me what needs to be enabled first to get the NBAR commands.
09-27-2021 08:03 AM
Hi,
I am refering to the part about using nbar for in QoS policies. they mention that ip nbar should be configured on the interfaces, but I have just tested it in my lab and it does not seems to be necessary.
CORE(config)#do show run | inc nbar CORE(config)#conf t ^ % Invalid input detected at '^' marker. CORE(config)#clas CORE(config)#class-map ? WORD class-map name match-all Logical-AND all matching statements under this classmap match-any Logical-OR all matching statements under this classmap type Configure CPL Class Map CORE(config)#class-map ty CORE(config)#class-map type ? access-control access-control specific class-map control Configure control policies multicast-flows multicast class-maps stack class-map for protocol header stack specification traffic Configure a subscriber policy traffic classmap CORE(config)#class-map cp-sip ? <cr> <cr> CORE(config)#class-map cp-sip CORE(config-cmap)#mat pro CORE(config-cmap)#mat protocol ? 3com-amp3 3Com AMP3 3com-tsmux 3Com TSMUX 3pc Third Party Connect Protocol 4chan 4chan - Website that hosts found images and discussions on them. 58-city 58 City - Classified information about 58 cities in China. 914c/g Texas Instruments 914 Terminal 9pfs Plan 9 file service CAIlic Computer Associates Intl License Server Konspire2b konspire2b p2p n <output omitted> CORE(config-cmap)#mat protocol sip ? <cr> <cr> CORE(config-cmap)#mat protocol sip CORE(config-cmap)#end CORE#show inven CORE#show inventory NAME: "c93xx Stack", DESCR: "c93xx Stack" PID: C9300-24P , VID: V02 , SN: FOC000000 CORE#show ver Cisco IOS XE Software, Version 16.09.05 CORE#show license summary Smart Licensing is ENABLED Registration: Status: UNREGISTERED Export-Controlled Functionality: NOT ALLOWED License Authorization: Status: EVAL EXPIRED License Usage: License Entitlement tag Count Status ----------------------------------------------------------------------------- (C9300-24 DNA Advantage) 1 EVAL EXPIRED (C9300-24 Network Advan...) 1 EVAL EXPIRED
09-27-2021 08:08 AM
Hi again,
i have just tested this on version 17.3.4 with a 9300L and the commands are working.
DK-SJ2-FIAB#show license summary License Usage: License Entitlement Tag Count Status ----------------------------------------------------------------------------- network-advantage (C9300L 24P Network Adv...) 1 IN USE dna-advantage (C9300L 24P DNA Advantage) 1 IN USE DK-SJ2-FIAB#conf t Enter configuration commands, one per line. End with CNTL/Z. DK-SJ2-FIAB(config)#class-map cp-sip DK-SJ2-FIAB(config-cmap)#match protocol sip DK-SJ2-FIAB(config-cmap)#end DK-SJ2-FIAB#show class-map cp-sip Class Map match-all cp-sip (id 41) Match protocol sip DK-SJ2-FIAB#show ver Cisco IOS XE Software, Version 17.03.04
But this switch has netflow and NBAR configured as bart of our telemetry.
inter gi 1/0/1
ip nbar protocol-discovery
What does show ip nbar say?
DK-SJ2-FIAB#show ip nbar version NBAR software version: 40 NBAR minimum backward compatible version: 40 NBAR change ID: BLD_NBAR_ Loaded Protocol Pack(s): Name: Advanced Protocol Pack Version: 50.0 Publisher: Cisco Systems Inc. NBAR Engine Version: 40 State: Active
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide