Customizing NBAR2 Built-in Protocols

Built-in protocols provided by the Cisco Protocol Pack recognize traffic of a specific type of network application. It can be useful to “customize” a protocol, adding to the scope of traffic that it matches and recognizes.

This module describes the process and shows how to customize built-in protocols.

Information About Customizing a Built-in Protocol

Customizing Built-in Protocols

Each built-in NBAR2 protocol (provided by the Cisco Protocol Pack) is pre-configured to recognize traffic of a specific type of network application. In some situations, it can be useful to “customize” a protocol, adding to the scope of traffic that it matches and recognizes. This is accomplished by configuring user-specified domains that extend the scope of the protocol. Each customization is identified by a user-supplied name.

For example, the built-in office365 protocol matches Microsoft Office 365 application traffic. Customizing the office365 protocol by adding additional domains can extend its scope.

Visibility and Control

  • Application visibility: Traffic that matches the user-specified extension of the built-in protocol is reported by the name of the user-specified customization.

  • Application control: After extending a built-in protocol, any policy associated with the protocol also applies to the user-specified domain.

Usage Notes

  • The maximum number of customizations is 120. This count includes other types of customization.

  • Customizing a protocol does not change its priority.

  • The custom-name of a customization cannot be used for defining policy.

  • It is possible to configure multiple domains for the same custom-name. Example:

    ip nbar custom myOffice365 dns domain-name "*uniqueOffice365" extends office365
    ip nbar custom myOffice365 dns domain-name "*anotherUniqueOffice365" extends office365

  • Multiple customization commands can extend the same built-in protocol. Example:

    ip nbar custom myOffice365_D1 dns domain-name "*uniqueOffice365" extends office365
    ip nbar custom myOffice365_D2 dns domain-name "*anotherUniqueOffice365" extends office365

How to Customize a Built-in Protocol

The following CLI commands can be used to customize a protocol.

  • Adding user-specified domains for DNS traffic only:

    ip nbar custom custom-name dns domain-name "regex-text-string" extends built-in-protocol

  • Adding user-specified domains for any type of transport protocol (DNS, HTTP, SSL):

    ip nbar custom custom-name composite server-name "regex-text-string" extends built-in-protocol

  • The no form of the command removes the customization. Specify the custom name, regular expression (regex), and built-in protocol name exactly as they were specified when the customization was added.

    no ip nbar custom custom-name {dns domain-name | composite server-name} "regex-text-string" extends built-in-protocol

Customizing a Built-in Protocol

Use the following procedure to customize a protocol.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nbar custom custom-name {dns domain-name | composite server-name} "regex-text-string" extends built-in-protocol

DETAILED STEPS

Step 1

  Command or Action: enable

  Example:

    Device> enable

  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2

  Command or Action: configure terminal

  Example:

    Device# configure terminal

  Purpose: Enters global configuration mode.

Step 3

  Command or Action: ip nbar custom custom-name {dns domain-name | composite server-name} "regex-text-string" extends built-in-protocol

  Example:

    Device(config)# ip nbar custom myOffice365 dns domain-name "*uniqueOffice365" extends office365

  Purpose: Adds the custom domain, defined by a regular expression (regex).

  • Use dns domain-name to add a user-specified domain for DNS traffic only.

  • Use composite server-name to add a user-specified domain for any type of transport protocol (DNS, HTTP, SSL).

  • custom-name: User-specified name for the customization.

  • regex-text-string: Specifies domain text to match.

  • built-in-protocol: Name of the built-in protocol to customize. The command extends the scope of this built-in protocol to include traffic matched by the regex-text-string.

The example configures a customization called myOffice365, which extends the built-in office365 protocol to include domains that match the regex "*uniqueOffice365".
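
Because any policy associated with a built-in protocol also applies to the domains a customization adds, it helps to audit which domains extend which protocol. The following Python script is an added example, not Cisco code: it parses a saved configuration for the two command forms above, builds the exact no form for each, and flags class-map match protocol lines that reference a custom-name. The function name audit, the sample configuration, and the rule that each distinct custom-name counts once toward the limit of 120 are assumptions.

```python
import re
from collections import defaultdict

MAX_CUSTOMIZATIONS = 120  # limit stated on this page; other customization types count too
# The two documented command forms that extend a built-in protocol.
EXTENDS_RE = re.compile(
    r'^\s*ip nbar custom (?P<name>\S+) '
    r'(?P<kind>dns domain-name|composite server-name) '
    r'"(?P<regex>[^"]*)" extends (?P<builtin>\S+)\s*$')
ANY_CUSTOM_RE = re.compile(r'^\s*ip nbar custom (?P<name>\S+)')
MATCH_RE = re.compile(r'^\s*match protocol (?P<proto>\S+)')

def audit(config_text):
    """Return (extensions, removal_cmds, policy_misuse, over_limit)."""
    extensions = defaultdict(list)  # built-in protocol -> [(custom-name, kind, regex)]
    removal_cmds, matched, all_names = [], set(), set()
    for line in config_text.splitlines():
        m = ANY_CUSTOM_RE.match(line)
        if m:
            all_names.add(m['name'])
        m = EXTENDS_RE.match(line)
        if m:
            extensions[m['builtin']].append((m['name'], m['kind'], m['regex']))
            # The no form must repeat name, regex and protocol exactly as entered.
            removal_cmds.append('no ' + line.strip())
        m = MATCH_RE.match(line)
        if m:
            matched.add(m['proto'])
    extending = {name for entries in extensions.values() for name, _, _ in entries}
    # A custom-name cannot be used for defining policy; flag any that are.
    policy_misuse = sorted(matched & extending)
    # Assumption: each distinct custom-name counts once toward the limit.
    over_limit = len(all_names) > MAX_CUSTOMIZATIONS
    return dict(extensions), removal_cmds, policy_misuse, over_limit

# Constructed sample configuration (not taken from a real device).
SAMPLE = '''\
ip nbar custom myOffice365_D1 dns domain-name "*uniqueOffice365" extends office365
ip nbar custom myOffice365_D2 composite server-name "*anotherUniqueOffice365" extends office365
class-map match-any OFFICE
 match protocol office365
 match protocol myOffice365_D1
'''

if __name__ == "__main__":
    ext, removals, misuse, over = audit(SAMPLE)
    print("extensions by built-in protocol:", ext)
    print("policy references to custom names:", misuse, "| over limit:", over)
    print("\n".join(removals))
```

Reviewing the per-protocol list before attaching or changing a policy shows every domain that will inherit it.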