The long list of supported protocols available in the match protocol command includes HTTP, HTTPS, FTP,
IMAP, POP3, SMTP, BGP, RIP, EIGRP, ICMP, KAZAA, NAPSTER, and PCANYWHERE.
Example 7-11. Configuring NBAR
Router(config)# class-map myclass
Router(config-cmap)# match protocol fasttrack
Router(config-cmap)# match protocol napster
Router(config-cmap)# match protocol gnutella
Router(config-cmap)# match protocol edonkey
Router(config-cmap)# match protocol kazaa2
Router(config-cmap)# exit
Router(config)# policy-map mypolicy
! Reference the class inside the policy map (the policy-map sub-mode command is "class", not "class-map")
Router(config-pmap)# class myclass
! Define Drop action
Router(config-pmap-c)# drop
! OR Perform Class-based Policing (CIR 8000 bps, Bc 1000 bytes, Be 1000 bytes)
Router(config-pmap-c)# police 8000 1000 1000 conform-action transmit exceed-action drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface
Router(config-if)# service-policy [input | output] mypolicy
The show ip nbar port-map [protocol-name] command can be used to display the TCP/UDP port numbers
used by NBAR to classify a given protocol.
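To see what the police 8000 1000 1000 line in Example 7-11 actually lets through, here is an added Python model (not from the book or from Cisco IOS) of a single-rate, two-bucket policer in which the Bc bucket refills at the CIR and overflows into the Be bucket; it assumes that an unconfigured violate-action behaves like the exceed-action, and it runs constructed packet arrivals through the example's parameters.

```python
from dataclasses import dataclass, field

# Parameters of the example's "police 8000 1000 1000" line: CIR in bps, Bc and Be in bytes.
CIR_BPS, BC_BYTES, BE_BYTES = 8000, 1000, 1000

# Assumed action mapping: conform-action transmit, exceed-action drop, and
# (assumption) violate falls back to the exceed-action when none is configured.
ACTIONS = {"conform": "transmit", "exceed": "drop", "violate": "drop"}


@dataclass
class SingleRatePolicer:
    """Two-bucket model: Bc bucket refills at CIR, surplus overflows into Be."""
    cir_bps: int
    bc_bytes: int
    be_bytes: int
    bc_tokens: float = field(init=False)
    be_tokens: float = field(init=False)
    last_t: float = 0.0

    def __post_init__(self) -> None:
        self.bc_tokens = float(self.bc_bytes)  # both buckets start full
        self.be_tokens = float(self.be_bytes)

    def _refill(self, now: float) -> None:
        # Tokens are bytes: CIR (bits/s) * elapsed seconds / 8.
        self.bc_tokens += (now - self.last_t) * self.cir_bps / 8.0
        self.last_t = now
        overflow = self.bc_tokens - self.bc_bytes
        if overflow > 0:
            self.bc_tokens = float(self.bc_bytes)
            self.be_tokens = min(float(self.be_bytes), self.be_tokens + overflow)

    def police(self, now: float, size: int) -> str:
        self._refill(now)
        if size <= self.bc_tokens:
            self.bc_tokens -= size
            return "conform"
        if size <= self.be_tokens:
            self.be_tokens -= size
            return "exceed"
        return "violate"


def simulate(packets, cir=CIR_BPS, bc=BC_BYTES, be=BE_BYTES):
    """Police (arrival_time_s, size_bytes) pairs; return (colour, action) per packet."""
    p = SingleRatePolicer(cir, bc, be)
    results = []
    for t, size in packets:
        colour = p.police(t, size)
        results.append((colour, ACTIONS[colour]))
    return results


if __name__ == "__main__":
    # Constructed traffic: five 500-byte packets at once, then one 1500-byte packet a second later.
    burst = [(0.0, 500)] * 5 + [(1.0, 1500)]
    for (t, size), (colour, action) in zip(burst, simulate(burst)):
        print(f"t={t:.1f}s {size:5d} B -> {colour:8s} {action}")
```

The run shows the caveat that matters when policing P2P classes: with Bc and Be both set to 1000 bytes, a full-size 1500-byte packet can never conform or exceed, so it is dropped regardless of the rate, and the burst parameters rather than the CIR decide what the class passes.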
TCP Intercept
TCP Intercept is another important security feature integrated into Cisco IOS software, which is used to protect
TCP servers from SYN-flooding attacks.