I want to use NBAR for filtering some URLs. I did the following config and it works well for LAN segment users, but when I enter the command "service-policy ..." in interface group-async I got the error "CEF or distributed CEF switching is required for NBAR 'match protocol' command" 8 times and the filtering doesn't work for dialin users. Please help me. Thanks.
class-map match-any xxx
 match protocol http url "*sex*"
 match protocol http url "*xxx*"
 match protocol http url "*teen*"
 match protocol http url "*anal*"
 match protocol http url "*fuck*"
 match protocol http host "*sex.com*"
 match protocol http host "*xxx.com*"
 match protocol http host "*porno*"
 match protocol http host "*teen*"
 match protocol http host "*anal*"
 match protocol http host "*fuck*"
set ip dscp 1
ip address 192.168.100.254 255.255.255.0 secondary
You need to enable CEF (Cisco Express Forwarding) in global configuration mode. You should also enable CEF accounting on the interface if your processor can handle it. Also know that NBAR can have a performance effect on your router if many match statements are in place (I'd feel safe using at least a 3700 if there is heavy traffic).
XXXXXXXX(config)#ip cef ?
  accounting          Enable CEF accounting
  load-sharing        Load sharing
  table               Set CEF forwarding table characteristics
  traffic-statistics  Enable collection of traffic statistics
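An added example, not part of the original thread and not Cisco tooling: a Python check that reads a saved running-config and flags interfaces whose service-policy uses a class-map with NBAR `match protocol` while CEF is off, which is the condition behind the error quoted above. The policy-map name MARK-HTTP, the interface name Group-Async1 and the sample config are constructed, and the parser assumes the indented layout of `show running-config` output.

```python
import re

# Constructed sample: NBAR policy applied to a dial-in interface, no "ip cef".
SAMPLE = """\
class-map match-any xxx
 match protocol http url "*xxx*"
policy-map MARK-HTTP
 class xxx
  set ip dscp 1
interface Group-Async1
 service-policy input MARK-HTTP
"""

def nbar_cef_findings(config):
    """Return interfaces that apply an NBAR-based policy while CEF is disabled."""
    global_cef = False
    nbar_classes, policy_classes = set(), {}
    iface_policies, iface_no_cef = {}, set()
    section = name = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():            # unindented line starts a new section
            section = name = None
            if re.fullmatch(r"ip cef( distributed)?", line):
                global_cef = True
            elif m := re.match(r"class-map (?:match-(?:any|all) )?(\S+)", line):
                section, name = "class-map", m.group(1)
            elif m := re.match(r"policy-map (\S+)", line):
                section, name = "policy-map", m.group(1)
                policy_classes[name] = set()
            elif m := re.match(r"interface (\S+)", line):
                section, name = "interface", m.group(1)
        elif section == "class-map" and line.startswith("match protocol "):
            nbar_classes.add(name)          # class-map relies on NBAR
        elif section == "policy-map" and (m := re.match(r"class (\S+)", line)):
            policy_classes[name].add(m.group(1))
        elif section == "interface":
            if m := re.match(r"service-policy (?:input|output) (\S+)", line):
                iface_policies.setdefault(name, []).append(m.group(1))
            elif line == "no ip route-cache cef":
                iface_no_cef.add(name)      # CEF switched off on this interface
    findings = []
    for iface, policies in iface_policies.items():
        uses_nbar = any(policy_classes.get(p, set()) & nbar_classes for p in policies)
        if uses_nbar and (not global_cef or iface in iface_no_cef):
            findings.append(iface)
    return findings
```

Calling `nbar_cef_findings(SAMPLE)` reports Group-Async1; prepending `ip cef` to the same config clears the finding.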