Using NBAR to Classify Packets

NBAR classification is set up by defining a class map on a router. Cisco Express Forwarding (CEF) must be enabled on the router before NBAR can be configured. The class-map command defines one or more traffic classes by specifying the criteria that the NBAR engine uses to identify the traffic.

The following example shows snippets from a router configuration in which the class-map command is used to define various types of traffic. This class map is used to classify all HTTP traffic intended for the URL containing the directory /test/. The * is a wildcard, meaning that it matches any characters that appear before or after the /.

    class-map match-all http_test
     match protocol http url "*/test/*" ...
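
The following configuration is an added example, not taken from the book. It places the class map above in the order a working configuration needs: CEF first, then the class, then a policy that acts on the class, then the interface binding. The policy name HTTP_TEST_POLICY, the interface GigabitEthernet0/0 and the drop action are assumptions chosen for illustration.

```cisco
! Added example. HTTP_TEST_POLICY, GigabitEthernet0/0 and the drop
! action are assumptions, not values from the original text.
!
! 1. NBAR depends on CEF, so enable it globally first.
ip cef
!
! 2. Traffic class from the text: HTTP requests whose URL contains /test/.
class-map match-all http_test
 match protocol http url "*/test/*"
!
! 3. A class map only identifies traffic. A policy map decides what
!    happens to the traffic that falls into the class.
policy-map HTTP_TEST_POLICY
 class http_test
  drop
!
! 4. Attach the policy to the interface on which the traffic arrives.
interface GigabitEthernet0/0
 service-policy input HTTP_TEST_POLICY
!
! Verification from exec mode:
!   show ip cef summary                          (CEF is running)
!   show class-map http_test                     (match criteria as entered)
!   show policy-map interface GigabitEthernet0/0 (per-class packet counters)
```

A class counter that stays at zero while matching requests are being sent usually means CEF is disabled or the policy is bound to the wrong interface or direction.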
