Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2397
Views
0
Helpful
5
Replies

NBAR2 Support on 4500X Switches

Go to solution
davemiddlewick
Level 1
Level 1

‎05-22-2017 04:08 AM - edited ‎03-08-2019 10:40 AM

Can anybody confirm whether NBAR2 is supported on 4500X switches or not?

I am attempting to send NBAR2 info to a Solarwinds server using Flexible Netflow, Solarwinds recommend the following commands are entered into the switch:-

option application-table timeout 60
option application-attributes timeout 300

Whilst the first option is available the second is not in the IOS being used.  Solarwinds is receiving flows but not getting complete NBAR info.

Also I am unable to issue the following commands:- 

show ip nbar version
show ip nbar protocol-id

Can anyone provide any insight?

Thanks

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎05-22-2017 04:18 AM

I use NBAR for flows through netflow

have you got it enabled under your interfaces too ?

interface GigabitEthernet0/0/3
 description 
 bandwidth 150000
 no ip address
 ip nbar protocol-discovery
 ip flow monitor FLOWMONITOR input
 ip flow monitor FLOWMONITOR output

...............

 option interface-table
 option vrf-table
 option sampler-table
 option application-table
 option c3pl-class-table
 option c3pl-policy-table
 option application-attributes

................

if its not working after that post your full netflow config see  what way its setup

View solution in original post

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to davemiddlewick

‎05-22-2017 06:22 AM

hmm ok we had to enable that to get the nbar statistics through our netflow collector liveaction it was a requirement for that application with netflow  , when I check the feature navigator for 4500x  I don't see it there either

do you even have the global command ip nbar , just checked my 4500s there only access switches so we don't have netflow enabled but there is no nbar available on those either and there running new software too

cat4500e-universalk9.SPA.03.06.06.E.152-2.E6.bin"

to confirm the best thing to do is check the software version your running and go to the specific config guide for that version on the Cisco website you will see if there is any nbar available but the fact you cant configure it I would suspect its not available but that will confirm for definite

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎05-22-2017 04:18 AM

I use NBAR for flows through netflow

have you got it enabled under your interfaces too ?

interface GigabitEthernet0/0/3
 description 
 bandwidth 150000
 no ip address
 ip nbar protocol-discovery
 ip flow monitor FLOWMONITOR input
 ip flow monitor FLOWMONITOR output

...............

 option interface-table
 option vrf-table
 option sampler-table
 option application-table
 option c3pl-class-table
 option c3pl-policy-table
 option application-attributes

................

if its not working after that post your full netflow config see  what way its setup

0 Helpful

Go to solution
davemiddlewick
Level 1
Level 1
In response to Mark Malone

‎05-22-2017 06:00 AM

Thanks Mark

Specifically this relates to a 4500X switch.

The nbar command is not available within int configuration mode, I wasn't aware that you needed to add it.  It's looking more and more like it's not supported.

Can anybody give a definitive answer on this?

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to davemiddlewick

‎05-22-2017 06:22 AM

hmm ok we had to enable that to get the nbar statistics through our netflow collector liveaction it was a requirement for that application with netflow  , when I check the feature navigator for 4500x  I don't see it there either

do you even have the global command ip nbar , just checked my 4500s there only access switches so we don't have netflow enabled but there is no nbar available on those either and there running new software too

cat4500e-universalk9.SPA.03.06.06.E.152-2.E6.bin"

to confirm the best thing to do is check the software version your running and go to the specific config guide for that version on the Cisco website you will see if there is any nbar available but the fact you cant configure it I would suspect its not available but that will confirm for definite

0 Helpful

Go to solution
davemiddlewick
Level 1
Level 1
In response to Mark Malone

‎05-22-2017 06:56 AM

Many thanks for your guidance Mark.

Have come to the conclusion that NBAR isn't supported on the 4500X unless anybody tells me otherwise. Suspect it's only on routers.  None of the software releases for this platform that I looked at had the feature available.

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Mark Malone

‎05-22-2017 06:40 AM

I don't know for sure, but I would be surprised if the 4500X supported much of the deep packet inspection used by NBAR.

The only hardware switch, that I recall that came close to such, was the discontinued sup32 with PISA (and its FPM).

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card