06-12-2008 05:28 AM - edited 03-09-2019 08:53 PM
Hi,
I need to inspect and drop P2P traffic on a Cisco router (Cisco IOS IPS is not available as a solution), and the NBAR (Network Based Application Recognition) feature may be able to help me.
In the documentation I found 'only' the following link to download the NBAR PDLM files:
http://www.cisco.com/pcgi-bin/tablebuild.pl/pdlm
where only one PDLM file, "directconnect.pdlm", and the readme are present.
As indicated in the readme document on page 1:
"
Note: For customers using any Cisco IOS versions running kazaa version 6 including the Cisco IOS 12.2SB
(Exodus) release, do not download the kazaa2.pdlm module. Doing so will cause classification
issues.
"
*** THE QUESTIONS:
1) Since on the router I have the latest IOS T release, 12.4(5)T, and the version displayed on the router is the following:
do I need to download the previous directconnect.pdlm file?
2) WHERE CAN I FIND ALL THE PDLM FILES? (Also the ones available for the Catalyst 6500 PISA supervisor?)
3) Do I need to configure the following to inspect Kazaa with NBAR on the HTTP port:
"
This PDLM uses a new software infrastructure which is provided in the Cisco IOS software releases.
You can check that this infrastructure is supported on your platform. At any class-map configuration
prompt, enter match protocol ?. If kazaa displays as a protocol to match, then it is supported.
Kazaa can use port 80 to get around the Firewall. You can control it be adding the following to the
class-map command:
match protocol http url \.hash=*
"
06-12-2008 07:51 AM
Roberto,
Please check this link, which provides a wide variety of PDLM files:
http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm
You may need to check the supported platforms for NBAR implementation and requirements in the software advisory at http://www.cisco.com/public/sw-center/index.shtml
Complete NBAR document describing configuration examples etc.:
3) Need to configure the following for inspect with nbar kazaa on HTTP port:
There is a Kazaa PDF file at the link I provided above; there should be a plain explanation of usage there.
-
Example configuration for blocking YouTube; the NBAR link above will give you several more examples and explanations.
class-map match-all YOUTUBE
 match protocol http host "*youtube.com*"
!
policy-map DROP_YOUTUBE
 class YOUTUBE
  drop
!
interface FastEthernet0/0
 description TO INTERNET
 service-policy output DROP_YOUTUBE
Rgds
-Jorge
06-12-2008 08:23 AM
Thanks for the link, but all the .pdlm files are not updated (the last one is 19-JUN-2007).
If I use the latest IOS version, are the NBAR definitions already in it?
For example, on the latest 12.4T....
ISR2801-Atri#sh ip nbar version
NBAR software version: 6
1 base Mv: 2
2 ftp Mv: 2
3 http Mv: 9
4 static Mv: 6
5 tftp Mv: 1
6 exchange Mv: 1
7 vdolive Mv: 1
8 sqlnet Mv: 1
9 rcmd Mv: 1
10 netshow Mv: 1
11 sunrpc Mv: 2
12 streamwork Mv: 1
13 citrix Mv: 10
14 fasttrack Mv: 2
15 gnutella Mv: 4
16 kazaa2 Mv: 7
17 custom-protocols Mv: 1
18 rtsp Mv: 4
19 rtp Mv: 5
20 mgcp Mv: 2
21 skinny Mv: 1
22 h323 Mv: 1
23 sip Mv: 1
24 rtcp Mv: 2
25 edonkey Mv: 5
26 winmx Mv: 3
27 bittorrent Mv: 4
28 directconnect Mv: 2
29 skype Mv: 1
Regards.
06-12-2008 10:08 AM
It should, based on your IOS feature set; however, to be 100% sure, go to the software advisory http://www.cisco.com/public/sw-center/index.shtml
and pick "Compare the features in different software releases". Based on your current feature set, whether it is IP Base or Advanced IP Services, and the target set you have in mind, it should provide you with NBAR information.
Rgds
-Jorge
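The following is an added example, not posted by anyone in this thread and not Cisco's own documentation. It combines Jorge's drop-policy pattern with the P2P protocols that appear in the "show ip nbar version" output above and the readme's HTTP URL match for Kazaa, so the router drops the traffic in both directions. The class-map and policy-map names, the interface name and the choice of protocols are assumptions; check each protocol with "match protocol ?" on your own image before relying on it.

```cisco
! Added example (not from the thread): one match-any class-map covering the
! NBAR P2P protocols listed in "show ip nbar version", plus the readme's URL
! match for Kazaa riding over HTTP port 80.
class-map match-any P2P_APPS
 match protocol kazaa2
 match protocol fasttrack
 match protocol gnutella
 match protocol edonkey
 match protocol winmx
 match protocol bittorrent
 match protocol directconnect
 match protocol http url \.hash=*
!
! Drop everything the class-map recognises; all other traffic is untouched
! (no class-default action, so it is forwarded normally).
policy-map DROP_P2P
 class P2P_APPS
  drop
!
! Apply inbound and outbound on the Internet-facing interface (name assumed),
! and enable protocol discovery so the per-protocol counters are populated.
interface FastEthernet0/0
 description TO INTERNET
 ip nbar protocol-discovery
 service-policy input DROP_P2P
 service-policy output DROP_P2P
!
! Verification from exec mode:
!   show ip nbar protocol-discovery interface FastEthernet0/0
!   show policy-map interface FastEthernet0/0
! The first shows which protocols NBAR actually sees on the link; the second
! shows packet/byte counters for class P2P_APPS, which should increase while
! the P2P client is running if classification works on this IOS image.
```

If a protocol name is rejected at the "match protocol" prompt, the PDLM for it is not in the image, which is the same check the readme describes. The "show policy-map interface" counters are the practical way to confirm the drop is effective rather than assuming it from the configuration.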