DX Unified Infrastructure Management

  • 1.  CA NFA NBAR2

    Posted Mar 15, 2018 07:27 AM

    Hi Experts,


    We successfully installed CA NFA 9.3.8; it is standalone, and we are doing a POC.


    The customer enabled NetFlow v9 on their routers.


    We are facing an issue: the customer says that they enabled the NBAR2 configuration on the routers, but while capturing NBAR2 data in Wireshark, we are not getting the ApplicationID in Wireshark.


    We are following the CA Techdoc below.


    Tech Tip: How to verify NBAR2 Application data for NFA 9.2 using Wireshark 


    Kindly suggest the exact configuration that needs to be done on the Cisco routers.




    Thanks and regards


    Dharmender Singh 
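
    The check described in the post above (is an application ID present in the exported NetFlow v9 data?) can also be done programmatically. The following is an added example, not part of the original thread or of CA's Tech Tip: it parses one NetFlow v9 export packet, lists the templates that lack field type 95 (the application ID), and decodes any application IDs found in data records. The function names and the sample packet are constructed for illustration.

```python
import struct

APPLICATION_ID = 95  # NetFlow v9 field type "APPLICATION TAG" (IPFIX applicationId)

def parse_v9(packet):
    """Return ({template_id: [(type, length), ...]}, [(engine_id, selector_id), ...])."""
    if struct.unpack_from("!H", packet, 0)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    templates, app_ids, off = {}, [], 20  # the v9 header is 20 bytes
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("malformed or truncated flowset")
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:  # template flowset: one or more templates
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                pos += 4
                if tid < 256 or pos + 4 * nfields > len(body):
                    break  # padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, pos + 4 * i)
                                  for i in range(nfields)]
                pos += 4 * nfields
        elif fs_id in templates:  # data flowset whose template we have seen
            fields = templates[fs_id]
            rec_len = sum(length for _, length in fields)
            for start in range(0, len(body) - rec_len + 1, rec_len or 1):
                pos = start
                for ftype, length in fields:
                    if ftype == APPLICATION_ID and length:
                        raw = body[pos:pos + length]
                        # 1-byte classification engine ID, then the selector ID
                        app_ids.append((raw[0], int.from_bytes(raw[1:], "big")))
                    pos += length
        off += fs_len
    return templates, app_ids

def templates_without_app_id(templates):
    """Template IDs that cannot carry NBAR2 application data."""
    return [tid for tid, fields in templates.items()
            if all(ftype != APPLICATION_ID for ftype, _ in fields)]

def sample_packet():
    """Constructed packet: templates 256 (with field 95) and 257 (without), one record."""
    tmpl = struct.pack("!10H", 256, 4, 8, 4, 12, 4, 11, 2, 95, 4)
    tmpl += struct.pack("!6H", 257, 2, 8, 4, 12, 4)
    rec = bytes([10, 0, 0, 1, 10, 0, 0, 2]) + struct.pack("!HB", 443, 13) + (453).to_bytes(3, "big")
    sets = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
    sets += struct.pack("!HH", 256, 4 + len(rec) + 2) + rec + b"\x00\x00"
    return struct.pack("!HHIIII", 9, 3, 0, 0, 1, 0) + sets
```

    NetFlow v9 exporters resend templates only periodically, so a data flowset can be decoded only after its template has been seen; a capture that contains no template flowset says nothing about whether field 95 is being exported.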

  • 2.  Re: CA NFA NBAR2

    Posted Mar 15, 2018 07:29 AM

    Command to configure NBAR2 on Cisco devices

  • 3.  Re: CA NFA NBAR2

    Posted Mar 15, 2018 02:22 PM

    Hello Dharmender,




    IP address and port-based custom protocol includes supporting an IP subnet or a list of IP addresses with a specific TCP or UDP transport. This enables Network-Based Application Recognition (NBAR) to recognize traffic based on IP addresses and to associate an application ID to traffic from and to specified IP addresses. You define a custom protocol transport by using the keywords and arguments of the ip nbar custom transport command.


    To support the IP address and port-based custom protocol option, the custom configuration mode (config-custom) is introduced with the ip nbar custom transport command. This mode supports options to specify a maximum of eight individual IP addresses, subnet IP addresses, and subnet mask length. You can also specify a list of eight ports or a start port range and an end port range.


    An IP address-based custom application gets its classification from the SYN packet.


    QoS: NBAR Configuration Guide, Cisco IOS Release 15M&T - NBAR2 Custom Protocol [Support] - Cisco