NBAR Protocol Discovery

NBAR protocol discovery

NBAR protocol discovery is a network traffic analysis feature that

  • identifies and classifies application protocols passing through a network interface from Layer 4 through Layer 7,

  • collects protocol-specific traffic statistics for supported applications, and

  • enables network administrators to monitor application performance and usage trends.

Network Based Application Recognition (NBAR) identifies which protocols and applications are currently running on the network. Use Protocol Discovery to find protocol traffic supported by NBAR and view related statistics.

NBAR also supports Cisco Application Visibility and Control (AVC). With AVC, NBAR helps you improve application performance with enhanced QoS and policing. It gives you more detailed visibility into your network.

Restrictions of NBAR

NBAR cannot accurately classify traffic when SaaS applications use end-to-end encryption, QUIC, or DoH, because encryption blocks traffic analysis.

  • In these cases, encrypted traffic (including DoH and QUIC without SNI) limits what NBAR can inspect, so NBAR may not report the correct Protocol ID. As a result, you might experience issues with traffic classification.

Configure NBAR protocol discovery (CLI)

Follow this procedure to enable protocol discovery.

Procedure


Step 1

Enter the global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a WLAN policy profile and enter the wireless policy configuration mode.

Example:

Device(config)# wireless profile policy nbar-proto-policy

Step 3

Configure the wireless policy profile for central switching.

Example:

Device(config-wireless-policy)# central switching

Note

NBAR protocol discovery is supported in local mode (central switching) and in FlexConnect (central switching) mode.

Step 4

Enable application recognition on the wireless policy profile by activating the NBAR2 engine.

Example:

Device(config-wireless-policy)# ip nbar protocol-discovery

Verify protocol discovery statistics

To view protocol discovery statistics, use the command:

Device# show ip nbar protocol-discovery wlan wlan-profile-name
wlan_profile_name (iif_id 0xF0400002)

Last clearing of "show ip nbar protocol-discovery" counters 00:07:12

                         Input                    Output
                         -----                    ------
Protocol                 Packet Count             Packet Count
                         Byte Count               Byte Count
                         5min Bit Rate (bps)      5min Bit Rate (bps)
                         5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
------------------------ ------------------------ ------------------------
unknown                  22                       0
                         4173                     0
                         0                        0
                         2000                     0
dhcp                     3                        2
                         1166                     724
                         0                        0
                         0                        0
ping                     2                        2
                         204                      236
                         0                        0
                         0                        0
Total                    27                       4
                         5543                     960
                         0                        0
                         2000                     0

To clear protocol discovery statistics, use the command:

Device# clear ip nbar protocol-discovery wlan wlan-profile-name
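
Each protocol in the verification output spans four rows (packet count, byte count, 5-minute bit rate, 5-minute maximum bit rate), with input and output side by side. The following Python parser is an added example, not Cisco code; its function and field names are this example's own, and the sample text is constructed from the counters shown above. It also computes the byte share of the unknown row, the traffic NBAR did not classify.

```python
import re
# Constructed sample: the counter table from the verification output above.
SAMPLE = """\
Protocol                 Packet Count             Packet Count
                         Byte Count               Byte Count
                         5min Bit Rate (bps)      5min Bit Rate (bps)
                         5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
------------------------ ------------------------ ------------------------
unknown                  22                       0
                         4173                     0
                         0                        0
                         2000                     0
dhcp                     3                        2
                         1166                     724
                         0                        0
                         0                        0
ping                     2                        2
                         204                      236
                         0                        0
                         0                        0
Total                    27                       4
                         5543                     960
                         0                        0
                         2000                     0
"""
FIELDS = ("packets", "bytes", "bps_5min", "max_bps_5min")  # names are this example's own

def parse_protocol_discovery(text):
    """Map protocol -> {'input': {...}, 'output': {...}} from the CLI table."""
    lines = text.splitlines()
    # Counters begin after the three-column dashed rule that ends the header.
    start = next(i for i, l in enumerate(lines)
                 if re.fullmatch(r"-+(\s+-+){2}", l.strip())) + 1
    stats, name, row = {}, None, 0
    for line in lines[start:]:
        tok = line.split()
        if len(tok) == 3 and tok[1].isdigit() and tok[2].isdigit():
            name, row, tok = tok[0], 0, tok[1:]  # protocol row: name + packet counts
            stats[name] = {"input": {}, "output": {}}
        elif not (name and row < len(FIELDS) and len(tok) == 2
                  and all(t.isdigit() for t in tok)):
            continue  # blank line or text that is not a counter row
        stats[name]["input"][FIELDS[row]] = int(tok[0])
        stats[name]["output"][FIELDS[row]] = int(tok[1])
        row += 1
    return stats

def unknown_share(stats, direction="input"):
    """Fraction of bytes in one direction that fell in the 'unknown' row."""
    total = stats["Total"][direction]["bytes"]
    return stats["unknown"][direction]["bytes"] / total if total else 0.0
```

Collect the output before running the clear command, because clearing resets the counters the share is computed from.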