You have seen how to use NBAR to classify traffic. As soon as traffic has been classified, the policy-map commands are used to match the various classes with either QoS or security rules. We will concentrate on the various security rules that can be applied using the policy maps.
There are a few ways that NBAR-classified packets can be dealt with using policy maps:
Using DSCP or ToS with simple access lists to mark and drop packets
Using DSCP or ToS with policy routing to mark and drop NBAR classified traffic
Using traffic policing to manage NBAR classified traffic
We will look at each of these in the following sections.
Packets classified ...