NBAR Problems

dbellaze
Level 4

Hello all.

I have a simple nbar configuration.

class-map match-any p2p_match
 match protocol kazaa2
 match protocol winmx
 match protocol edonkey
 match protocol gnutella
 match protocol napster
 match protocol fasttrack
 match protocol bittorrent
!
policy-map p2p_drop
 class p2p_match
  drop
 class class-default
!
interface gi 0/1.1
 service-policy output p2p_drop
!

The problem I am having is we have some internal applications that traverse this router that happen to use ports that the NBAR signatures have defined.

Does anyone know how to bypass NBAR using source/destination IP's and or ports and still block P2P file sharing with NBAR?

I have been digging around and I can't seem to find a way to do this.

Daniel

Accepted Solution

d.wingert
Level 1

Hello Daniel,

How about creating another class-map that filters your internal applications via an access-list on source/destination IPs or ports, and putting that class in your policy-map before your class p2p_match?

Something like this:

class-map match-all INTERNAL-APPS
 match access-group name ALLOW-INTERNAL-APPS
class-map match-any p2p_match
 match protocol kazaa2
 match protocol winmx
 match protocol edonkey
 match protocol gnutella
 match protocol napster
 match protocol fasttrack
 match protocol bittorrent
!
policy-map p2p_drop
 ! the policy-map references the class-map name (INTERNAL-APPS), not the ACL name
 class INTERNAL-APPS
 class p2p_match
  drop
 class class-default
!
ip access-list extended ALLOW-INTERNAL-APPS
 ! extended ACLs take wildcard masks (0.0.0.255 for a /24), not subnet masks
 permit ip x.x.x.x 0.0.0.255 x.x.x.x 0.0.0.255

Regards, Dirk.


Actually, I did try that thinking that would be the easiest way. But it didn't work. I didn't even see any hits on the class allowing my internal apps.

I don't know if an action needs to be applied to the class in the policy map for it to take effect?

Daniel

I think you should use nested match classes. This allows you to combine match-any and match-all. The idea is that the P2P application should be matched only if the internal IP addresses are not matched. Consider the following:

class-map match-any p2p_protocol
 match protocol kazaa2
 match protocol winmx
 match protocol edonkey
 match protocol gnutella
 match protocol napster
 match protocol fasttrack
 match protocol bittorrent
!
class-map match-all P2P
 match class-map p2p_protocol
 match not access-group name Internal_IP_ACL
!
policy-map Peer2Peer
 class P2P
  ! same drop action as in the p2p_drop policy above
  drop
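As an added example (not code from this thread or from Cisco), a small Python model of how an MQC policy-map classifies a flow: the first matching class wins, and a class with no action simply lets the flow through. It runs Daniel's original policy, Dirk's ordered-classes policy and the nested match-all/match-not class above over the same flows. The ACL body, the 10.x/198.51.100.x addresses and the NBAR protocol labels are constructed sample data.

```python
import ipaddress

P2P = {"kazaa2", "winmx", "edonkey", "gnutella", "napster", "fasttrack", "bittorrent"}
# Constructed ACL body, i.e. "permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255"
ACLS = {"ALLOW-INTERNAL-APPS": [("10.1.1.0/24", "10.2.2.0/24")]}

def acl_permits(acl, flow):
    src, dst = ipaddress.ip_address(flow["src"]), ipaddress.ip_address(flow["dst"])
    return any(src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d)
               for s, d in ACLS[acl])

# class-map name -> (mode, list of match statements), mirroring the thread
CLASSES = {
    "p2p_match":     ("match-any", [("protocol", P2P)]),
    "INTERNAL-APPS": ("match-all", [("access-group", "ALLOW-INTERNAL-APPS")]),
    "P2P":           ("match-all", [("class-map", "p2p_match"),
                                    ("not access-group", "ALLOW-INTERNAL-APPS")]),
}

def class_matches(name, flow):
    mode, statements = CLASSES[name]
    results = []
    for kind, arg in statements:
        if kind == "protocol":
            results.append(flow["proto"] in arg)        # what NBAR labelled it
        elif kind == "access-group":
            results.append(acl_permits(arg, flow))
        elif kind == "not access-group":
            results.append(not acl_permits(arg, flow))
        elif kind == "class-map":
            results.append(class_matches(arg, flow))    # nested class-map
    return any(results) if mode == "match-any" else all(results)

def policy_action(policy, flow):
    """policy: ordered (class, action) pairs. The first matching class wins;
    a class with no action still ends classification, so the flow is forwarded."""
    for cname, action in policy:
        if cname == "class-default" or class_matches(cname, flow):
            return action or "forward"
    return "forward"

ORIGINAL = [("p2p_match", "drop"), ("class-default", None)]
ORDERED = [("INTERNAL-APPS", None), ("p2p_match", "drop"), ("class-default", None)]
NESTED = [("P2P", "drop"), ("class-default", None)]

# Constructed flows: an internal app whose port makes NBAR label it bittorrent,
# and a real P2P session from the same host to an outside address.
INTERNAL_APP = {"src": "10.1.1.5", "dst": "10.2.2.9", "proto": "bittorrent"}
REAL_P2P = {"src": "10.1.1.5", "dst": "198.51.100.7", "proto": "bittorrent"}
```

Note the trade-off the model makes visible: anything matched by the exemption ACL is never checked against the P2P class, so the ACL should be as narrow as the internal applications actually need.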

Dirk,

I tried it again and it worked. Not for sure why it didn't the first time. Maybe I just mistyped something.

Daniel
