It is my understanding that NBAR is able to classify certain packets based on certain descriptors in the packet. It is also my understanding that the FTP client and server negotiate different port numbers once the session is initiated. I have enabled NBAR protocol discovery on all ports and Debug NBAR unclassified port stats. Once the session is initiated, all FTP traffic is classified as unknown with different port numbers. I have also tried using extended access lists to match some traffic, but it only sees the initial traffic.
How can I classify FTP traffic coming into my router from the internet?
Are you using the NAT or TCP Intercept feature on the same router? I have had experiences when mixing these features with the NBAR that it did not work as expected. The NAT or TCP Intercept modify the original packet's header fields, thereby wreaking havoc with the NBAR. I have even made a note to myself that when the NBAR was enabled on a "NAT inside" interface, it was not able to properly classify the FTP flows, which may well be the issue you are experiencing yourself.
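The port negotiation mentioned in the question, as an added example that is not part of either post and is not how NBAR itself is implemented: a small Python tracker that reads FTP control-channel lines (PORT, 227, 229, EPRT per RFC 959 and RFC 2428) and labels later flows against the endpoints they announce. The function names and the sample capture are constructed for illustration.

```python
import re

# RFC 959: PORT and the 227 reply carry h1,h2,h3,h4,p1,p2; port = p1*256 + p2
TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428: the 229 reply carries (<d><d><d>port<d>), normally (|||port|)
EPSV = re.compile(r"\((.)\1\1(\d{1,5})\1\)")

def data_endpoint(sender_ip, line):
    """Return the (ip, port) announced by one control-channel line, or None."""
    line = line.strip()
    verb = line[:4].upper()
    if verb == "PORT" or line.startswith("227"):
        m = TUPLE.search(line)
        if not m:
            return None
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            return None
        return ".".join(map(str, n[:4])), n[4] * 256 + n[5]
    if line.startswith("229"):
        m = EPSV.search(line)
        # EPSV announces only a port; the address is the sender of the reply
        return (sender_ip, int(m.group(2))) if m else None
    if verb == "EPRT" and len(line) > 6:
        f = line[5:].split(line[5])  # "|1|addr|port|" -> ['', '1', addr, port, '']
        if len(f) == 5 and f[3].isdigit():
            return f[2], int(f[3])
    return None

def expected_endpoints(control_lines):
    """Collect every data endpoint negotiated on the control channel."""
    found = (data_endpoint(ip, line) for ip, line in control_lines)
    return {ep for ep in found if ep}

def label(flow, expected, match_ip=True):
    """Label a (dst_ip, dst_port) flow as 'ftp-data' or 'unknown'."""
    if match_ip:
        return "ftp-data" if flow in expected else "unknown"
    return "ftp-data" if flow[1] in {p for _, p in expected} else "unknown"

# Constructed control-channel capture (documentation addresses, not real traffic)
CONTROL = [
    ("198.51.100.7", "USER anonymous"),
    ("203.0.113.5", "227 Entering Passive Mode (203,0,113,5,195,149)"),
    ("198.51.100.7", "PORT 198,51,100,7,19,137"),
    ("203.0.113.5", "229 Entering Extended Passive Mode (|||50321|)"),
]
```

With `match_ip=True`, a flow is labelled only when its address equals the one written in the control-channel payload, so a 227 reply that announces one address while the data flow is observed toward a different (translated) address comes back as `unknown`.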