Actually, that's one of my doubts as well. Andrew made it long but in short my doubts summarize in:
ip nbar port-map xxx and ip port-map xxx. What's the difference between them? I have always used ip port-map with the class-map match protocol command. I have been taught that the nbar feature was match protocol. Anyways, any lights would be appreciated.

On Sun, May 8, 2011 at 4:32 PM, Andrew Wurster <[email protected]> wrote:
> hey guys -
>
> i wanted to clarify something regarding port-to-application mapping.
> thought i had it down, but second guessing myself today.
>
> as i understand it, there are 4 ways we can classify custom traffic by a
> protocol "name" using some type of PAM. i am wondering, in what scenarios
> are the ip nbar port-map and ip port-map command interchangeable, if
> at all...?
>
> 1. NBAR port-map -> specifically used for FW features like ZBFW and CBAC.
>    1. custom protocol NBAR port-map -> useful for adding a completely new
>       protocol for deep packet inspection. requires a custom PHDF and the
>       protocol name prefixed with custom-.
>
>       ip nbar custom name [offset [format value]] [variable field-name field-length] [source | destination] [tcp | udp] [range start end | port-number]
>       ip nbar port-map protocol-name [tcp | udp] port-number
>
>    2. well-known protocol NBAR port-map -> useful for adding a custom port
>       to a well-known pre-defined protocol.
>
>       ip nbar port-map protocol-name [tcp | udp] port-number
>
> 2. PAM -> [legacy???] port to application mapping. used in features like
>    packet marking in regular MPF. uses the ip port-map command
>    1. well-known protocol port-map -> can map a custom port to a
>       pre-defined protocol.
>
>       ip port-map appl_name port port_num [list acl_num]
>
>    2. user port-map -> can map a custom application to a particular port.
>       requires the protocol name to be prefixed by user-.
>
>       ip port-map appl_name port port_num [list acl_num]
>
> so using the example of mapping TCP/10000 for HTTP use:
>
> for firewall:
>
> ip nbar port-map http port tcp 10000
>
> OR
>
> ip nbar port-map custom-01 tcp 10000
>
> for regular QoS:
>
> ip port-map http port tcp 10000
> OR
> ip port-map user-MY-HTTP-MAP port tcp 10000
>
> any help to understand application of this concept in the lab would be much
> appreciated.
>
> thanks!
>
> andrew
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com

--
Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
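As an added example (not part of either message in the thread), the two mappings from Andrew's TCP/10000-for-HTTP case written with the syntax lines he quotes, followed by the show commands that reveal which table each mapping landed in. The router prompt and the single-router lab are assumptions; nothing here settles which feature consumes which table, it only lets you see both tables side by side.

```cisco
! Added example, not from the thread. Assumed lab router named R1.
R1(config)# ip nbar port-map http tcp 80 10000
! NBAR table: syntax "ip nbar port-map protocol-name [tcp | udp] port-number".
! Listing 80 alongside 10000 keeps the default port in the list.
!
R1(config)# ip port-map http port tcp 10000
! PAM table: syntax "ip port-map appl_name port port_num [list acl_num]".
!
R1(config)# end
!
! Verify each table on its own; an entry made with one command is not
! reflected in the other table, which is the check to run before deciding
! which of the two a given class-map / inspect rule is actually reading.
R1# show ip nbar port-map http
R1# show ip port-map http
```

Running both show commands after each change in the lab is the quickest way to answer Bruno's question for the IOS release at hand: whichever table the match protocol statement starts honouring is the one that feature consults.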
