- Auto Traffic Analysis and Protocol Generation
- Classifying Network Traffic Using NBAR
- Enabling Protocol Discovery
- Configuring NBAR Using the MQC
- DSCP-Based Layer 3 Custom Applications
- MQC Based on Transport Hierarchy
- NBAR Categorization and Attributes
- Reporting Extracted Fields Through Flexible NetFlow
- NBAR Protocol Pack
- NBAR Protocol Pack Auto Update
- NBAR2 Custom Protocol
- NBAR2 Protocol Pack Hitless Upgrade
- NBAR Web-based Custom Protocols
- NBAR2 HTTP-Based Visibility Dashboard
- NBAR Coarse-Grain Classification
- SSL Custom Application
- Fine-Grain NBAR for Selective Applications
- NBAR Custom Applications Based on DNS Name
- NBAR Customized Assistance Based on SSL or HTTP
- Finding Feature Information
- NBAR Customized Assistance Based on SSL or HTTP Overview
- How to configure NBAR Customization Assistance Based on SSL or HTTP
- Configuration Examples for NBAR Customized Assistance Based on SSL or HTTP
- Additional References for NBAR Customized Assistance Based on SSL or HTTP
- Feature Information for NBAR Customization Assistance Based on SSL or HTTP
NBAR Customized
Assistance Based on SSL or HTTP
NBAR Customized Assistance based on SSL or HTTP feature enables the user to customize Secure Sockets Layer (SSL) traffic based on the hostname that is found either in the Server Name field in the Client Hello extensions or in the Common Name field in the digital certificate that the client sends to the server, and to customize HTTP traffic based on signatures that have hostnames.
- Finding Feature Information
- NBAR Customized Assistance Based on SSL or HTTP Overview
- How to configure NBAR Customization Assistance Based on SSL or HTTP
- Configuration Examples for NBAR Customized Assistance Based on SSL or HTTP
- Additional References for NBAR Customized Assistance Based on SSL or HTTP
- Feature Information for NBAR Customization Assistance Based on SSL or HTTP
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
NBAR Customized Assistance Based on SSL or HTTP Overview
Network-Based Application Recognition (NBAR) supports the use of custom protocols to identify custom applications. Custom protocols support static port-based protocols and applications that NBAR does not support. NBAR Customized Assistance based on SSL or HTTP feature enables the user to customize Secure Sockets Layer (SSL) traffic based on the hostname that is found either in the Server Name field in the Client Hello extensions or in the Common Name field in the digital certificate that the client sends to the server and to customize HTTP traffic based on signatures that have hostnames.
How to configure NBAR Customization Assistance Based on SSL or HTTP
Configuring NBAR Customized Assistance based on SSL or HTTP
1.
enable
2.
configure
terminal
3.
ip
nbar
classification
auto-learn [top-hosts |
top-ports]
4.
ip
nbar
classification
auto-learn
top-portssample-rate
N
5.
exit
6.
show
ip
nbar
classification
auto-learn [top-hosts |
top-ports]
N[Detailed]
7.
clear
ip
nbar
classification
auto-learn [top-hosts |
top-ports]
statistics
8.
clear
ip
nbar
classification
auto-learn
top-hosts
restart
DETAILED STEPS
Configuration Examples for NBAR Customized Assistance Based on SSL or HTTP
Example: Configuring NBAR Customized Assistance Based on SSL or HTTP
Device> enable Device# configuration terminal Device (config)# ip nbar classification auto-learn top-hosts Device (config)# exit
Additional References for NBAR Customized Assistance Based on SSL or HTTP
Related Documents
|
Related Topic |
Document Title |
|---|---|
|
Cisco IOS commands |
|
|
QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples |
Technical Assistance
|
Description |
Link |
|---|---|
|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
Feature Information for NBAR Customization Assistance Based on SSL or HTTP
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.|
Feature Name |
Releases |
Feature Information |
|---|---|---|
|
Show unclassified port stats |
Cisco IOS XE Release 3.16S |
NBAR Customized Assistance based on SSL or HTTP feature enables the user to customize Secure Sockets Layer (SSL) traffic based on the ports that is found either in the Server Name field in the Client Hello extensions or in the Common Name field in the digital certificate that the client sends to the server, and to customize HTTP traffic based on signatures that have port names. The following commands were introduced or modified: ip nbar classification auto-learn top-ports, ip nbar classification auto-learn top-ports sample-rate, show ip nbar classification auto-learn top-ports, clear ip nbar classification auto-learn top-ports restart, and clear ip nbar classification auto-learn top-ports statistics |
Feedback