If I want to use NBAR, do I have to load any additional modules from flash? According to documentation, NBAR is available with IOS Release 12.0(5)XE2. Are the additional modules that need to be loaded from flash "just" to extend the functionality of NBAR, i.e. packet description language module (PDLM)?
My question is this: If I have IOS Release 12.0(5)XE2, can I immediately start using NBAR, or do I have to load additional modules?
Yes, it seems like you will be able to block those badhosts correctly. The DSCP number, I am not sure, but whatever you pick, you would need to use that in your access-list. As far as your question about being sure that other applications/traffic are not using that DSCP is concerned, I don't think there is any way to distinguish it. So other packets could also have the DSCP of 1.
Do I "have" to set the DSCP number? I've seen other examples that don't use the DSCP number...
I've seen examples that show similar to this... Does the "drop" statement in the policy-map take the place of adding an entry to an ACL to deny a specific DSCP number?
class-map match-any bad-hosts
 match protocol http host "*badhost1.com*"
 match protocol http host "*badhost2.com*"
 match protocol http host "*badhost3.com*"
service-policy input block-badhosts
Thanks for your help! I plan on putting this into effect on our 7200 edge router Wednesday morning and would like as much input before putting it into effect. I've been reading as much about nbar as I can find and just want to clear up a few things first...
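The two approaches discussed in this thread, side by side, as an added example that is not part of any poster's message: option A marks matching HTTP requests with DSCP 1 and denies that mark in an ACL, option B uses the policy-map `drop` action directly. The interface names, ACL number 105 and the policy-map name mark-badhosts are assumptions, and option B only works on an IOS release that supports `drop` inside a policy-map class.

```cisco
! Added example. Interface names, ACL 105 and mark-badhosts are assumptions.
! NBAR requires CEF to be enabled.
ip cef
!
class-map match-any bad-hosts
 match protocol http host "*badhost1.com*"
 match protocol http host "*badhost2.com*"
 match protocol http host "*badhost3.com*"
!
! Option A: mark on ingress, then deny the mark with an ACL on egress.
policy-map mark-badhosts
 class bad-hosts
  set ip dscp 1
!
! This entry also drops any other traffic that already carries DSCP 1,
! which is the caveat raised in the reply above.
access-list 105 deny ip any any dscp 1
access-list 105 permit ip any any
!
! Assumed: FastEthernet0/0 is where the HTTP requests arrive,
! FastEthernet0/1 is where they would leave.
interface FastEthernet0/0
 service-policy input mark-badhosts
interface FastEthernet0/1
 ip access-group 105 out
!
! Option B: drop inside the policy-map. No DSCP mark and no ACL entry
! are involved, so traffic from other sources marked DSCP 1 is untouched.
policy-map block-badhosts
 class bad-hosts
  drop
!
! Only one input service-policy per interface, so this replaces
! mark-badhosts rather than being added next to it.
interface FastEthernet0/0
 no service-policy input mark-badhosts
 service-policy input block-badhosts
!
! Check the match and drop counters before and after the change:
!   show policy-map interface FastEthernet0/0
!   show access-lists 105
```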