![]() ![]() ![]() |
NBAR (Network Based
Application Recognition) is an
intelligent classification engine in Cisco IOS Software that can
recognize a wide variety of applications like Web-based and
client/server applications. It can analyze & classify application
traffic in real time. NBAR is supported in most Cisco switches and
routers and this information is available via SNMP. Click here to view the list of
protocols that are recognized by NBAR.
NBAR, by adding
intelligent network classification to your
infrastructure, helps in ensuring that the network bandwidth is used
efficiently by working with QoS(Quality Of Service ) feature. With
NBAR, network-traffic classification becomes possible and by this we
can know how much of say , HTTP traffic is going on. By knowing this,
QoS standards can be set. Unlike NetFlow, which relies on port &
protocol for application categorization, NBAR performs a deep-packet
inspection and allows you to recognize applications that use dynamic
ports. Also, the NBAR approach is useful in dealing with malicious
software using known ports to fake being "priority traffic", as well as
non-standard applications using non-determinaly ports.
You will first have to check whether your router supports NBAR. Please visit here to know about the Platforms & IOS that support NBAR. NBAR can be enabled only on those interfaces which are identified by NetFlow Analyzer.
If your router supports NBAR, then you will have to enable NBAR on each of the interface that you want to collect NBAR statistics.
NBAR can be enabled in two ways:
The following is a set of commands issued on a router to
enable NBAR on the FastEthernet 0/1 interface.
|
Please note that the part in red
has to be repeated for each interface individually.
Alternately, you may check the router's NBAR supported status and also enable NBAR on the interfaces from the NetFlow Analyzer's NBAR Configuration page. The steps to enable from User Interface are:
Disabling NBAR can be done in two ways.
The following is a set
of commands issued on a router to
disable NBAR on the FastEthernet 0/1 interface.
router#enable |
Please note that the part in red
has to be repeated for each interface individually.
The steps to disable from User Interface are:
What is Polling - The process of sending the SNMP request periodically to the device to retrieve information ( Traffic usage/ Interface Statistics in this case ) is termed polling. A low polling interval (of say 5 minutes) gives you granular reports but may place an increased load on your server if you poll large amount of interfaces. Time out value needs to be set to a higher value in case your routers are at remote locations.
After NBAR has been enabled on select interfaces the polling can be started on those interfaces.
Polling can be done on those interfaces on which NBAR has been enabled earlier.Please do the following to start polling on an interface:
Polling can be stopped on those interfaces by following these steps.
![]() |
The default NBAR data storage period is 2 months. You can change the storage period from Raw Data Settings under Settings page. |
![]() ![]() ![]() |