Configuring NBAR for Stateful Protocols

This topic describes the Cisco IOS commands that are required to configure NBAR to recognize TCP and UDP stateful protocols.

NBAR has enhanced classification capabilities for HTTP. It can classify packets belonging to HTTP flows based on the following:

■ The URL portion after the host name, which appears in the GET request of the HTTP session

■ The host name specified in the GET request

■ The MIME type specifying the type of object in the HTTP response

Note The match protocol command has been discussed previously in this lesson

The following example classifies, within the class map called "classl," HTTP packets based on any URL containing the string "whatsnew/latest" followed by zero or more characters:

class-map classl match protocol http url whatsnew/latest*

The following example classifies, within the class map called "class2," packets based on any host name containing the string "cisco" followed by zero or more characters:

class-map class2 match protocol http host cisco*

The following example classifies, within the class map called "class3," packets based on the Joint Photographic Experts Group (JPEG) MIME type:

class-map class3 match protocol http mime "*jpeg"

Applications that use FastTrack include KaZaA, Grokster, and Morpheus (although newer versions of Morpheus use Gnutella).

A regular expression is used to identify specific FastTrack traffic. For instance, entering "cisco" as the regular expression would classify the FastTrack traffic containing the string "cisco" as a match for the traffic policy.

To specify that all FastTrack traffic be identified by the traffic class, use "*" as the regular expression.

The following example configures NBAR to match all FastTrack traffic: match protocol fasttrack file-transfer "*"

In the following example, all FastTrack files that have the "mpeg" extension will be classified into class-map nbar.

class-map match-all nbar match protocol fasttrack file-transfer "*.mpeg"

The following example configures NBAR to match FastTrack traffic that contains the string "cisco":

match protocol fasttrack file-transfer "*cisco*"

Was this article helpful?

0 0

Post a comment