hey guys -

i wanted to clarify something regarding port-to-application mapping.
 thought i had it down, but second guessing myself today.

as i understand it, there are 4 ways we can classify custom traffic by a
protocol "name" using some type of PAM.  i am wondering, in what scenarios
are the *ip nbar port-map* and *ip port-map* command interchangeable, if at
all...?

   1. NBAR port-map -> specifically used for FW features like ZBFW and CBAC.
      1. custom protocol NBAR port-map -> useful for adding a completely new
      protocol for deep packet inspection.  requires a custom PHDF and the
      protocol name prefixed with *custom-*.

      ip nbar custom name [offset [format value]] [variable field-name field-length] [source | destination] [tcp | udp] [range start end | port-number]
      ip nbar port-map protocol-name [tcp | udp] port-number

      2. well-known protocol NBAR port-map -> useful for adding a custom
      port to a well-known pre-defined protocol.

      ip nbar port-map protocol-name [tcp | udp] port-number

   2. PAM -> [legacy???] port to application mapping.  used in features like
   packet marking in regular MPF.  uses the ip port-map command
      1. well-known protocol port-map -> can map a custom port to a
      pre-defined protocol.

      ip port-map appl_name port port_num [list acl_num]

      2. user port-map -> can map a custom application to a particular port.
      requires the protocol name to be prefixed by *user-*.

      ip port-map appl_name port port_num [list acl_num]


so using the example of mapping TCP/10000 for HTTP use:

for firewall:

*ip nbar port-map http port tcp 10000*

    OR

*ip nbar port-map custom-01 tcp 10000*



for regular QoS:

*ip port-map http port tcp 10000*
    OR
*ip port-map user-MY-HTTP-MAP port tcp 10000*


any help to understand application of this concept in the lab would be much
appreciated.

thanks!

andrew