NBAR2 Protocol Pack 4.1.1
Release Notes for NBAR2 Protocol Pack 4.1.1

Supported Platforms

Network-Based Application Recognition (NBAR2) Protocol Pack support is provided for Cisco Wireless LAN Controller platforms, starting with release 7.5.

NBAR2 Protocol Pack 4.1.1 is supported on the following Cisco Wireless LAN Controller platforms:

  • Cisco 5508 Wireless Controller
  • Cisco Flex 7500 Series Wireless Controllers
  • Cisco 8510 Wireless Controller
  • Cisco Wireless Services Module 2 (WiSM2)

Note: The Cisco 2504 Wireless Controller supports Application Visibility and Control, but does not support protocol packs.


Updated Protocols in NBAR2 Protocol Pack 4.1.1

The following table displays the protocols that are updated in NBAR2 Protocol Pack 4.1.1:

| Protocol | Updates |
| --- | --- |
| dns | Signatures have been updated. |
| ftp | Data channel is now classified as ftp-data. Note: When configuring QoS class-map with ftp-data, the ftp protocol must be selected. Alternatively, the ftp application group can be selected. |
| qqlive | Signatures have been updated to avoid misclassification of http. |
| skype | Signatures have been updated to Version 6.1.0.129 (or its equivalent on other platforms) to enable better blocking. |
| tftp | Signatures have been updated. |

Caveats in NBAR2 Protocol Pack 4.1.1


Note: If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and go to http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)


Known Caveats in NBAR2 Protocol Pack 4.1.1

The following table lists the known caveats in NBAR2 Protocol Pack 4.1.1:

| Known Caveat | Description |
| --- | --- |
| CSCtx65481 | Traffic generated by pcAnywhere for Mac and the pcAnywhere mobile application may be misclassified as unknown. |
| CSCub62860 | gtalk-video may be misclassified as rtp. |
| CSCub89835 | gbridge PC client may not be blocked. |
| CSCuc43505 | Traffic generated by AIM Pro may be misclassified as unknown or as webex-meeting. |
| CSCue08462 | Some Xunlei-KanKan traffic may be misclassified as Xunlei. |
| CSCue69212 | Traffic generated by qqlive may be misclassified as http. |
| CSCud10747 | Dropping Skype traffic does not always disallow logging in to a Skype account via the Skype application. |

Restrictions and Limitations in NBAR2 Protocol Pack 4.1.1

The following table lists the limitations and restrictions in NBAR2 Protocol Pack 4.1.1:

| Protocol | Limitation/Restriction |
| --- | --- |
| bittorrent | HTTP traffic that is generated by the bitcomet bittorrent client may be classified as http. |
| livemeeting | The Livemeeting application has been discontinued. It has been replaced with MS Lync. The traffic generated by Livemeeting may be classified as ms-lync. |
| hulu | Encrypted video streaming generated by hulu may be classified as its underlying protocol rtmpe. |
| logmein | Traffic generated by the logmein android application may be misclassified as ssl. |
| ms-lync | Login and chat traffic generated by the ms-lync client may be misclassified as ssl. |
| secondlife | Voice traffic generated by secondlife may be misclassified as ssl. |

Recommended Configurations

The following configurations are tested and recommended for blocking the respective traffic.

| Recommended Configuration | Caveat for reference |
| --- | --- |
| To block Picasa traffic, you need to block Google services and the Picasa application, because Google applications share signatures. | CSCud40143 |
| To block Gmail traffic, you need to block Google services and the Gmail application, because Google applications share signatures. | CSCud43226 |