Network-Based Application Recognition (NBAR2) Protocol Pack support is provided for Cisco Wireless LAN Controller platforms, starting with release 7.5.
NBAR2 Protocol Pack 4.1.1 is supported on the following Cisco Wireless LAN Controller platforms:
Cisco 5508 Wireless Controller
Cisco Flex 7500 Series Wireless Controllers
Cisco 8510 Wireless Controller
Cisco Wireless Services Module 2 (WiSM2)
The Cisco 2504 Wireless Controller supports Application Visibility and Control, but does not support protocol packs.
Updated Protocols in NBAR2 Protocol Pack 4.1.1
The following table displays the protocols that are updated in NBAR2 Protocol Pack 4.1.1:
Signatures have been updated.
Data channel is now classified as ftp-data.
When configuring a QoS class-map with ftp-data, the ftp protocol must be selected. Alternatively, the ftp application group can be selected.
Signatures have been updated to avoid misclassification of http.
Signatures have been updated to Version 188.8.131.52 (or its equivalent on other platforms) to enable better blocking.
Signatures have been updated.
Caveats in NBAR2 Protocol Pack 4.1.1
If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and go to http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)
Known Caveats in NBAR2 Protocol Pack 4.1.1
The following table lists the known caveats in NBAR2 Protocol Pack 4.1.1:
Traffic generated by pcAnywhere for Mac and the pcAnywhere mobile application may be misclassified as unknown.
gtalk-video may be misclassified as rtp.
gbridge PC client may not be blocked.
Traffic generated by AIM Pro may be misclassified as unknown or as webex-meeting.
Some Xunlei-KanKan traffic may be misclassified as Xunlei.
Traffic generated by qqlive may be misclassified as http.
Dropping Skype traffic does not always prevent login to a Skype account via the Skype application.
Restrictions and Limitations in NBAR2 Protocol Pack 4.1.1
The following table lists the limitations and restrictions in NBAR2 Protocol Pack 4.1.1:
HTTP traffic that is generated by the bitcomet bittorrent client may be classified as http.
The Livemeeting application has been discontinued. It has been replaced with MS Lync. The traffic generated by Livemeeting may be classified as ms-lync.
Encrypted video streaming generated by hulu may be classified as its underlying protocol rtmpe.
Traffic generated by the logmein android application may be misclassified as ssl.
Login and chat traffic generated by the ms-lync client may be misclassified as ssl.
Voice traffic generated by secondlife may be misclassified as ssl.
The following configurations are tested and recommended for blocking the respective traffic.
Caveat for reference
To block Picasa traffic, you need to block Google services and the Picasa application, because Google applications share signatures.
To block Gmail traffic, you need to block Google services and the Gmail application, because Google applications share signatures.