Collin Clark Mon, 06/09/2008 - 07:08
User Badges:
  • Purple, 4500 points or more
lee.reade Mon, 06/09/2008 - 07:12
User Badges:
  • Silver, 250 points or more


NBAR, is Network Based Application Recognition, and it allows to deep packet inspection (OSI level 7 - application) to determine the content of a specific packet.

ie, it can look at a packet and determine if its FTP traffic, or VoIP traffic, for example.

To use it with QoS you just create a class-map and then use the "match protocol" command, to specify what traffic you want to match on, you then put the class-map into a policy map and apply to the interface.

There are requirements for NBAR to function properly, one of which is CEF, so you'd best be running newer code.

NBAR can also be enabled directly under an interface via the "ip nbar protocol-discovery" command, this allows you to see the different types of traffic passing through the interface.

Hope this helps.

Here is the link to cco for NBAR config guide;



foxbatreco Mon, 06/09/2008 - 08:26
User Badges:
  • Bronze, 100 points or more

NBAR is a protocol which discovers the protocols running on the router and helps to identify protocol applications running on the device/interface.

Enable it using ip nbar protocol-discovery under the intended interface(normally the locallan) to identify the application protocols.

This required cef to be running or enabled on the router for it to pull the statistics from each packet and parse minute details of protocols running & use these to apply QOS for depending on the criticality of the application.

However it cant be used on interfaces with tunneling or encryption put on & on dialer and FE channels.


This Discussion