Protocol inspection/discovery

Unanswered Question
Mar 16th, 2009
User Badges:

Hey all is there any way to do protocol inspection such as NBAR protocol discovery.

On the Cisco 3750 Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEE3, RELEASE SOFTWARE (fc2)

I pretty much want to map traffic at the application layer for a single interface. but cisco state nbar is not support for the 3750.

Thanks in advance

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Rupesh Kashyap Mon, 03/16/2009 - 20:45
User Badges:

Hi I have 3750, and I have configured default NBAR, please cross-check again.

alanc3141592654 Mon, 03/16/2009 - 22:46
User Badges:

did you use

ip nbar protocol-discovery ?

I'm wanting to see what data is going across a fibre link on one of our core switches.

the above command does not work, it could be an ios thing though

Rupesh Kashyap Mon, 03/16/2009 - 22:56
User Badges:

GOt it, You want to monitor NBAR with discovery Interface command which is not supporting on ur IOS. Do you any idea of PDLM, if it came with ur IOS ? What Cisco TAC says ?

alanc3141592654 Mon, 03/16/2009 - 23:01
User Badges:

well if i can't turn nbar on. I doubt it will have a PDLM file.

I've yet to contact tac, thought i would do some research before hand.

I will contact TAC, and let you know.

Joseph W. Doherty Tue, 03/17/2009 - 19:08
User Badges:
  • Super Bronze, 10000 points or more

"but cisco state nbar is not support for the 3750."

I believe that to be correct.

NBAR isn't generally supported on Cisco L3 switches but with a couple of exceptions. I believe a couple of WAN boards for the 6500/7600 support it (e.g. FlexWAN), and the sup32-PISA supports (I think) something similar with FPM.

Mark Yeates Tue, 03/17/2009 - 19:44
User Badges:
  • Gold, 750 points or more


As Joseph stated NBAR is not supported on the 3750. The 3750 does not have the hardware to support NBAR. The only switch that is able to support NBAR is the 6500. This is typically a function that is ran on a router not on a switch.



alanc3141592654 Wed, 03/25/2009 - 21:55
User Badges:

Hey All,

Sorry to bring this up again.

But has anyone done any form of traffic analysis between 3750s?

3rd party software?

Joseph W. Doherty Thu, 03/26/2009 - 04:24
User Badges:
  • Super Bronze, 10000 points or more

External packet analyzers are popular, especially the free WireShark. If the 3750 supports SPAN, you can then examine the traffic crossing a port of interest. (Analysis capabilites are also much more extensive than one NBAR provides.)


This Discussion