Sorry Default MQC is QoS based MQC model, policing, shaping, LLQ, CBWFQ, etc.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: Tyson Scott [mailto:[email protected]]
Sent: Sunday, May 08, 2011 9:43 PM
To: 'Bruno'; 'Andrew Wurster'
Cc: 'OSL Security'
Subject: RE: [OSL | CCIE_Security] PAM clarifications

NBAR = Default MQC type; which is MQC
Port-map = Firewall MQC; which is either Legacy Firewall (That doesn't follow MQC model) or ZFW

Regards,

Tyson Scott

From: [email protected] [mailto:[email protected]] On Behalf Of Bruno
Sent: Sunday, May 08, 2011 8:34 PM
To: Andrew Wurster
Cc: OSL Security
Subject: Re: [OSL | CCIE_Security] PAM clarifications

Actually, that's one of my doubts as well.

Andrew made it long but in short my doubts summarize in:

ip nbar port-map xxx
and
ip port-map xxx

What's the difference between them?

I have always used ip port-map with class-map match protocol command. I have been taught that nbar feature was match protocol.

Anyways, any lights would be appreciated.

On Sun, May 8, 2011 at 4:32 PM, Andrew Wurster <[email protected]> wrote:

hey guys -

i wanted to clarify something regarding port-to-application mapping. thought i had it down, but second guessing myself today. as i understand it, there are 4 ways we can classify custom traffic by a protocol "name" using some type of PAM. i am wondering, in what scenarios are the ip nbar port-map and ip port-map command interchangeable, if at all...?

1. NBAR port-map -> specifically used for FW features like ZBFW and CBAC.

   1. custom protocol NBAR port-map -> useful for adding a completely new protocol for deep packet inspection. requires a custom PHDF and the protocol name prefixed with custom-.

      ip nbar custom name [offset [format value]] [variable field-name field-length] [source | destination] [tcp | udp ] [range start end | port-number ]
      ip nbar port-map protocol-name [tcp | udp] port-number

   2. well-known protocol NBAR port-map -> useful for adding a custom port to a well-known pre-defined protocol.

      ip nbar port-map protocol-name [tcp | udp] port-number

2. PAM -> [legacy???] port to application mapping. used in features like packet marking in regular MPF. uses the ip port-map command

   1. well-known protocol port-map -> can map a custom port to a pre-defined protocol.

      ip port-map appl_name port port_num [list acl_num]

   2. user port-map -> can map a custom application to a particular port. requires the protocol name to be prefixed by user-.

      ip port-map appl_name port port_num [list acl_num]

so using the example of mapping TCP/10000 for HTTP use:

for firewall:

ip nbar port-map http port tcp 10000
OR
ip nbar port-map custom-01 tcp 10000

for regular QoS:

ip port-map http port tcp 10000
OR
ip port-map user-MY-HTTP-MAP port tcp 10000

any help to understand application of this concept in the lab would be much appreciated.

thanks!

andrew

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com

--
Bruno Fagioli (by Jaunty Jackalope)
Cisco Security Professional
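
The split described in Tyson's replies (NBAR for the default QoS MQC, ip port-map for the legacy firewall and ZFW), laid out as an added configuration example that is not part of the original thread. All class-map, policy-map, zone and inspection names, the interface and the policing rate are assumptions chosen for illustration.

```cisco
! Constructed lab example. Names, interface and rate are assumptions.
!
! Default (QoS) MQC: "match protocol" in a plain class-map is NBAR,
! so the extra port goes into the NBAR port list.
! 80 is listed alongside 10000 so both are in the NBAR port list.
ip nbar port-map http tcp 80 10000
!
class-map match-all QOS-HTTP
 match protocol http
!
policy-map QOS-OUT
 class QOS-HTTP
  police 512000 conform-action transmit exceed-action drop
!
interface FastEthernet0/0
 service-policy output QOS-OUT
!
! Firewall MQC (ZFW): "match protocol" in a type inspect class-map
! uses PAM, so the extra port goes into ip port-map.
ip port-map http port tcp 10000
!
class-map type inspect match-any FW-HTTP
 match protocol http
!
policy-map type inspect IN-TO-OUT
 class type inspect FW-HTTP
  inspect
 class class-default
  drop
!
zone security INSIDE
zone security OUTSIDE
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect IN-TO-OUT
!
! Legacy firewall (CBAC) reads the same PAM table.
ip inspect name CBAC-OUT http
!
! Checks from exec mode, one table per feature:
!   show ip nbar port-map http
!   show ip port-map http
```

If HTTP on TCP/10000 is classified by the QoS policy but not inspected by the firewall (or the reverse), compare the two show outputs: each feature consults only its own table.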
