Network Based Application Recognition (NBAR)

Written by Rene Molenaar on . Posted in Quality of Service (QOS)

Scenario:

As the owner of a small company, you notice some of your employees are slacking off on the job and spending their time on Facebook, Twitter and some other sites. You want to configure your network so these sites are blocked. While you are at it, you also want to block some of the worms that are on the Internet.

Goal:

  • All IP addresses have been preconfigured for you.
  • OSPF has been preconfigured for full connectivity.
  • Configure router Sluggish so all traffic from Twitter is dropped on the FastEthernet 1/0 interface.
  • Configure router Sluggish so it can detect the NIMDA worm and drop the traffic on the FastEthernet 1/0 interface.
  • Configure router Sluggish so it marks YouTube traffic down to DSCP 0 on the FastEthernet 1/0 interface.

IOS:

c3640-jk9s-mz.124-16.bin

Topology:

[Figure: NBAR topology diagram]
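
One way to meet the three goals above with NBAR and MQC, as an added example that is not the lab's own solution. Assumptions: the class-map and policy-map names are made up, the HTTP requests leave router Sluggish through FastEthernet 1/0 (hence `output`), and the NIMDA URL patterns are the ones commonly used for this worm rather than values taken from this page.

```cisco
! Added example, not the author's solution. All names are hypothetical.
!
! Goal 1: classify Twitter by the HTTP Host header
class-map match-any TWITTER
 match protocol http host "*twitter.com*"
!
! Goal 2: classify NIMDA by URL fragments its HTTP probes request
! (assumed pattern list, adjust to your own reference)
class-map match-any NIMDA
 match protocol http url "*.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
 match protocol http url "*readme.eml*"
!
! Goal 3: classify YouTube by the HTTP Host header
class-map match-any YOUTUBE
 match protocol http host "*youtube.com*"
!
! One policy, one action per class; unmatched traffic falls into
! class-default and is forwarded untouched, so OSPF stays up
policy-map NBAR-FILTER
 class TWITTER
  drop
 class NIMDA
  drop
 class YOUTUBE
  set dscp 0
!
! Direction is an assumption: host/url matches inspect the HTTP request,
! so attach the policy in the direction the requests travel
interface FastEthernet1/0
 ip nbar protocol-discovery
 service-policy output NBAR-FILTER
!
! Verification: per-class packet and drop counters, then NBAR statistics
! show policy-map interface FastEthernet1/0
! show ip nbar protocol-discovery interface FastEthernet1/0
```

These `match protocol http` statements only see cleartext HTTP, so the same sites reached over HTTPS are not classified by this policy.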

Comments (5)

  • SteveOcchO86

    Create class maps that match on protocol http url, set the appropriate policy maps to drop or set the dscp value and then nest the policy maps.

  • SteveOcchO86

    Can't edit my post, may also want to enable ip nbar protocol discovery on the interfaces

  • ReneMolenaar

    Hi Steve,

    That's how to do it :) The Cisco website has an example of how to use NBAR to detect worms:

    http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_tech_note09186a0080110d17.shtml

    Rene

  • nour

    Idea: just enabling the ip nbar protocol discovery on the interface and create class-map ospf and apply drop on this class under the policy map, you will find the ospf in loading state not full state :)

  • ReneMolenaar
    Quote:
    Idea: just enabling the ip nbar protocol discovery on the interface and create class-map ospf and apply drop on this class under the policy map, you will find the ospf in loading state not full state

    That'll work but that's a "very" quick and dirty method of getting the job done :P Better to keep the OSPF adjacency up and running and filter using another method ;)