NBAR discovery on 3850???

luis.rosello · ‎02-09-2016

I'm working on a very extensive QOS project, and the first thing I would like to do is turn on nbar protocol-discovery, but it seems the 3850s don't have that command option anymore??? Is there an alternative at looking at what kind of traffic I have traversing a switch? Thanx.

Philip D'Ath · ‎02-09-2016

Span a port to a machine running Wireshark?

Joseph W. Doherty · ‎02-10-2016

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

You've discovered one of the differences between a Cisco L3 switch and a Cisco router, the former is often poorer in feature supported.

The only L3 switch, that I'm aware of, that had something like NBAR was the 6500 with a sup-32 PISA, which supported FPM.

As to alternatives, some NBAR is just the same as ACL but with a "pretty face". Some NBAR, though, does deeper packet inspection. The latter, just cannot be done on almost all Cisco L3 switches.

If you really need advanced NBAR matching, you'll need a Cisco ISR or ASR.

luis.rosello · ‎02-12-2016

Thanx for the answers guys, I was hopping to be able to do some "smarter" markings based on protocols, rather then ACLs, and the usual IP addressing, ports, etc...