Protocol inspection/discovery

Unanswered Question
Mar 16th, 2009

Hey all is there any way to do protocol inspection such as NBAR protocol discovery.

On the Cisco 3750 Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEE3, RELEASE SOFTWARE (fc2)

I pretty much want to map traffic at the application layer for a single interface. but cisco state nbar is not support for the 3750.

Thanks in advance

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
alanc3141592654 Mon, 03/16/2009 - 22:46

did you use

ip nbar protocol-discovery ?

I'm wanting to see what data is going across a fibre link on one of our core switches.

the above command does not work, it could be an ios thing though

Rupesh Kashyap Mon, 03/16/2009 - 22:56

GOt it, You want to monitor NBAR with discovery Interface command which is not supporting on ur IOS. Do you any idea of PDLM, if it came with ur IOS ? What Cisco TAC says ?

alanc3141592654 Mon, 03/16/2009 - 23:01

well if i can't turn nbar on. I doubt it will have a PDLM file.

I've yet to contact tac, thought i would do some research before hand.

I will contact TAC, and let you know.

Joseph W. Doherty Tue, 03/17/2009 - 19:08

"but cisco state nbar is not support for the 3750."

I believe that to be correct.

NBAR isn't generally supported on Cisco L3 switches but with a couple of exceptions. I believe a couple of WAN boards for the 6500/7600 support it (e.g. FlexWAN), and the sup32-PISA supports (I think) something similar with FPM.

Mark Yeates Tue, 03/17/2009 - 19:44

Alan,

As Joseph stated NBAR is not supported on the 3750. The 3750 does not have the hardware to support NBAR. The only switch that is able to support NBAR is the 6500. This is typically a function that is ran on a router not on a switch.

HTH,

Mark

alanc3141592654 Wed, 03/25/2009 - 21:55

Hey All,

Sorry to bring this up again.

But has anyone done any form of traffic analysis between 3750s?

3rd party software?

Joseph W. Doherty Thu, 03/26/2009 - 04:24

External packet analyzers are popular, especially the free WireShark. If the 3750 supports SPAN, you can then examine the traffic crossing a port of interest. (Analysis capabilites are also much more extensive than one NBAR provides.)

Actions

This Discussion