thanks tyson! i think i got it now.

On Sun, May 8, 2011 at 6:51 PM, Tyson Scott <[email protected]> wrote:

> Sorry Default MQC is QoS based MQC model, policing, shaping, LLQ, CBWFQ, etc.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: [email protected]
> Telephone: +1.810.326.1444, ext. 208
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com
>
> From: Tyson Scott [mailto:[email protected]]
> Sent: Sunday, May 08, 2011 9:43 PM
> To: 'Bruno'; 'Andrew Wurster'
> Cc: 'OSL Security'
> Subject: RE: [OSL | CCIE_Security] PAM clarifications
>
> NBAR = Default MQC type; which is MQC
>
> Port-map = Firewall MQC; which is either Legacy Firewall (That doesn't follow MQC model) or ZFW
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Bruno
> Sent: Sunday, May 08, 2011 8:34 PM
> To: Andrew Wurster
> Cc: OSL Security
> Subject: Re: [OSL | CCIE_Security] PAM clarifications
>
> Actually, that's one of my doubts as well.
>
> Andrew made it long but in short my doubts summarize as:
>
> ip nbar port-map xxx and ip port-map xxx
>
> What's the difference between them? I have always used ip port-map with the class-map match protocol command. I have been taught that the nbar feature was match protocol.
>
> Anyways, any lights would be appreciated
>
> On Sun, May 8, 2011 at 4:32 PM, Andrew Wurster <[email protected]> wrote:
>
> hey guys -
>
> i wanted to clarify something regarding port-to-application mapping. thought i had it down, but second guessing myself today.
>
> as i understand it, there are 4 ways we can classify custom traffic by a protocol "name" using some type of PAM. i am wondering, in what scenarios are the ip nbar port-map and ip port-map commands interchangeable, if at all...?
>
> 1. NBAR port-map -> specifically used for FW features like ZBFW and CBAC.
>    1. custom protocol NBAR port-map -> useful for adding a completely new protocol for deep packet inspection. requires a custom PHDF and the protocol name prefixed with custom-.
>       ip nbar custom name [offset [format value]] [variable field-name field-length] [source | destination] [tcp | udp] [range start end | port-number]
>       ip nbar port-map protocol-name [tcp | udp] port-number
>    2. well-known protocol NBAR port-map -> useful for adding a custom port to a well-known pre-defined protocol.
>       ip nbar port-map protocol-name [tcp | udp] port-number
> 2. PAM -> [legacy???] port to application mapping. used in features like packet marking in regular MPF. uses the ip port-map command
>    1. well-known protocol port-map -> can map a custom port to a pre-defined protocol.
>       ip port-map appl_name port port_num [list acl_num]
>    2. user port-map -> can map a custom application to a particular port. requires the protocol name to be prefixed by user-.
>       ip port-map appl_name port port_num [list acl_num]
>
> so using the example of mapping TCP/10000 for HTTP use:
>
> for firewall:
>
> ip nbar port-map http port tcp 10000
>
> OR
>
> ip nbar port-map custom-01 tcp 10000
>
> for regular QoS:
>
> ip port-map http port tcp 10000
>
> OR
>
> ip port-map user-MY-HTTP-MAP port tcp 10000
>
> any help to understand application of this concept in the lab would be much appreciated.
>
> thanks!
>
> andrew
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
>
> --
> Bruno Fagioli (by Jaunty Jackalope)
> Cisco Security Professional
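The two command families the thread is sorting out, side by side in one IOS config fragment. This is an added example, not from the thread and not IPexpert material; it follows the split Tyson gives: ip port-map feeds the firewall's port-to-application table (legacy CBAC and ZFW "match protocol"), while ip nbar port-map and ip nbar custom feed NBAR, which is what a QoS class-map's "match protocol" classifies with. The application name user-myapp, the NBAR custom protocol myapp, the class-map, policy-map and zone names, the DSCP value, the second port 10001 and the interfaces are all hypothetical. The port-only form of ip nbar custom (no payload offset or format) and the fact that a ZFW class-map can match a user- application are stated from memory of 12.4T-era IOS and should be confirmed with the show commands noted in the comments on the platform in use.

```cisco
! ===== Firewall side: PAM, consumed by CBAC / ZFW =====
! Add TCP/10000 to the system-defined "http" application. The default
! port 80 mapping stays; the HTTP inspection engine is now applied to
! sessions on 10000 as well.
ip port-map http port tcp 10000
!
! A user-defined application: the name must start with "user-".
! (hypothetical name; traffic gets generic TCP inspection, not the
! HTTP application-layer engine). Different port to avoid a clash
! with the "http" mapping above.
ip port-map user-myapp port tcp 10001
!
! ZFW classification uses the PAM table above, not NBAR.
class-map type inspect match-any FW-WEB
 match protocol http
 match protocol user-myapp
!
policy-map type inspect FW-IN-OUT
 class type inspect FW-WEB
  inspect
 class class-default
  drop
!
zone security INSIDE
zone security OUTSIDE
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect FW-IN-OUT
!
interface GigabitEthernet0/1
 zone-member security INSIDE
interface GigabitEthernet0/0
 zone-member security OUTSIDE
!
! ===== QoS side: NBAR, consumed by an MQC class-map =====
! Tell NBAR that "http" also lives on TCP/10000. The default port is
! listed alongside the new one so the map still covers standard HTTP.
ip nbar port-map http tcp 80 10000
!
! A custom NBAR protocol matched by port only (no PDLM/PHDF needed);
! hypothetical name. Assumption: the port-only form is accepted on
! the IOS release in use.
ip nbar custom myapp tcp 10001
!
! Regular MQC class-map: "match protocol" here is NBAR, so it sees
! the nbar port-map, not the ip port-map entries.
class-map match-any QOS-WEB
 match protocol http
 match protocol myapp
!
policy-map QOS-MARK
 class QOS-WEB
  set dscp af21
!
interface GigabitEthernet0/1
 service-policy input QOS-MARK
!
! Verification: each table is separate, so check both.
!   show ip port-map http        -> PAM entries (80 and 10000)
!   show ip port-map user-myapp  -> user-defined PAM entry
!   show ip nbar port-map http   -> NBAR ports (80 and 10000)
```

The practical point for the lab: a port added with ip port-map is invisible to a QoS policy-map, and a port added with ip nbar port-map is invisible to a class-map type inspect, so when a task says "treat TCP/10000 as HTTP" the feature that consumes the mapping (firewall or QoS) decides which command applies, and a task that touches both needs both entries.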
