Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

NBAR

Hi all,

I've this scenario:

client ---Router---web server

I'd like to configure a policy with a class that match protocol http url (NBAR) and apply it outbound towards web server on Router. The question is: does it match only the http request for that url or the reply too? I'm very confused...since I don't understand if NBAR used inspection to classify traffic in both direction..even if the policy is applied only outbound.

Can I match an url appling my policy in input?

Many thanks in advance for your support

Regards

2 REPLIES
Hall of Fame Super Silver

Re: NBAR

Hello Gianluca,

nbar will work on only one direction depending on the direction in which you apply the service-policy that uses the class-map that calls with match protocol the NBAR feature.

Be aware that at L4

match protocol http

is able only to match traffic from client to server

=

access-list 121 permit tcp any any eq 80

the return traffic is not HTTP, here TCP 80 is the source port

access-list 122 permit tcp any eq 80 any

there was another thread about this.

I would suggest you to use it on the interface between client and router to be able to shape on the outgoing interface based on marking you do on the client-to-router interface:

two service-policy one used to mark in client to router and the other one used outbound on interface to the web server.

Hope to help

Giuseppe

New Member

Re: NBAR

HI Giuseppe,

thanks for your support.

Gianluca

113
Views
3
Helpful
2
Replies
CreatePlease to create content