QoS: NBAR Configuration Guide, Cisco

IOS XE Release 2

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED
WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED
WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL
FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE
PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR
ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output,
network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content
is unintentional and coincidental.

© 2011 Cisco Systems, Inc. All rights reserved.

CONTENTS

Classifying Network Traffic Using NBAR in Cisco IOS XE Software 1

Finding Feature Information 1
Restrictions for Classifying Network Traffic Using NBAR 1
Information About Classifying Network Traffic Using NBAR 3
NBAR Functionality 3
NBAR Benefits 4
NBAR and Classification of HTTP Traffic 4
Classification of HTTP Traffic by URL Host or MIME 4
Classification of HTTP Traffic Using HTTP Header Fields 5
Combinations of Classification of HTTP Headers and URL Host or MIME Type to
Identify HTTP Traffic 6
NBAR and Classification of Citrix ICA Traffic 6
Classification of Citrix ICA Traffic by Published Application Name 7
Citrix ICA Client Modes 7
Classification of Citrix ICA Traffic by ICA Tag Number 8
Citrix ICA Packet Tagging 8
NBAR and RTP Payload Type Classification 9
NBAR and Classification of Custom Protocols and Applications 9
NBAR and Classification with Dynamic PDLMs 10
NBAR and Classification of Peer-to-Peer File-Sharing Applications 10
NBAR Scalability 11
Interface Scalability 11
Flow Scalability 11
Flow Table Sizing 12
NBAR-Supported Protocols 13
NBAR Protocol Discovery 80
NBAR Protocol Discovery MIB 80
NBAR Configuration Processes 80
Restarting NBAR 81

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

iii
 Contents

NBAR Protocol Pack 81

NBAR and Multipacket Classification 81
NBAR on VRF Interfaces 82
NBAR and IPv6 82
NBAR Support for IPv6 from Cisco IOS XE Release 3.5S and Later Releases 82
NBAR Categorization and Attributes 82
How to Configure Attribute-Based Protocol Match 83
Configuring Attribute-Based Protocol Match 83
Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE
Software 86
Example: Classification of HTTP Traffic Using the HTTP Header Fields 86
Example: Combinations of Classification of HTTP Headers and URL Host or MIME Type
to Identify HTTP Traffic 87
Example: NBAR and Classification of Custom Protocols and Applications 87
Example: NBAR and Classification of Peer-to-Peer File-Sharing Applications 88
Example: Configuring Attribute-Based Protocol Match 89
Additional References 90
Feature Information for Classifying Network Traffic Using NBAR 94
Glossary 96
Enabling Protocol Discovery 99
Finding Feature Information 99
Prerequisites for Enabling Protocol Discovery 99
Restrictions for Enabling Protocol Discovery 99
Information About Protocol Discovery 100
Protocol Discovery Overview 100
Interface Scalability 101
How to Enable Protocol Discovery 101
Enabling Protocol Discovery on an Interface 102
Reporting Protocol Discovery Statistics 103
Configuration Examples for Protocol Discovery 104
Example: Enabling Protocol Discovery on an Interface 104
Example: Reporting Protocol Discovery Statistics 105
Additional References 106
Feature Information for Enabling Protocol Discovery 107

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

iv
 Classifying Network Traffic Using NBAR in
Cisco IOS XE Software
Network-Based Application Recognition (NBAR) is a classification engine that recognizes and classifies
a wide variety of protocols and applications. When NBAR recognizes and classifies a protocol or
application, the network can be configured to apply the appropriate quality of service (QoS) for that
application or traffic with that protocol.
This module contains an overview of classifying network traffic using NBAR in Cisco IOS XE software.

• Finding Feature Information, page 1

• Restrictions for Classifying Network Traffic Using NBAR, page 1
• Information About Classifying Network Traffic Using NBAR, page 3
• Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE Software,
page 86
• Additional References, page 90
• Feature Information for Classifying Network Traffic Using NBAR, page 94
• Glossary, page 96

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature
information and caveats, see the release notes for your platform and software release. To find information
about the features documented in this module, and to see a list of the releases in which each feature is
supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Restrictions for Classifying Network Traffic Using NBAR

NBAR does not support the following applications:
• Non-IP traffic.
• Multiprotocol Label Switching (MPLS)-labeled packets. NBAR classifies IP packets only. You can,
however, use NBAR to classify IP traffic before the traffic is handed over to MPLS. Use the modular
QoS CLI (MQC) to set the IP differentiated services code point (DSCP) field on the NBAR-classified
packets and make MPLS map the DSCP setting to the MPLS experimental (EXP) setting inside the
MPLS header.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

1
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Restrictions for Classifying Network Traffic Using NBAR

• NBAR processing. By design, NBAR processing is temporarily disabled during the In-Service
Software Upgrade (ISSU). The following syslog message indicates the restart of the NBAR
classification once ISSU is complete: "%NBAR_HA-5-NBAR_INFO: NBAR sync DONE!".
• Multicast packet classification.
• Asymmetric flows with stateful protocols.
• Packets that originate from or destined to the router running NBAR.

Note In the NBAR context, asymmetric flows are flows in which different packets of the flow go through
different routers, for reasons such as load balancing implementation or asymmetric routing, where packets
flow through different routes in different directions.

NBAR is not supported on the following logical interfaces:

• Dialer interfaces
• Dynamic tunnels such as Dynamic Virtual Tunnel Interface (DVTI)
• Fast Etherchannels
• IPv6 tunnels that terminate on the router
• Multilink interfaces such as Multilink Point-to-Point Protocol (MLPPP) and Multilink Frame Relay
(MLFR)
• MPLS
• Overlay Transport Virtualization (OTV) overlay interfaces
• Port channels
• VRF-Aware Service Infrastructure (VASI)

Note In cases where encapsulation is not supported by NBAR on some of the links, you can apply NBAR on
other interfaces of the router to perform input classification. For example, you can configure NBAR on
LAN interfaces to classify output traffic on the WAN link.

The following virtual interfaces are supported in Cisco IOS XE Release 3.5S and later releases:
• Generic routing encapsulation (GRE)
• IPsec IPv4 tunnel (including tunneled IPv6) in protocol discovery mode and MQC mode (cryptomap
mode is not supported)
• IPsec IPv6 tunnel in protocol discovery mode but not in MQC mode (cryptomap mode is not
supported)
• Multipoint GRE/Dynamic Multipoint VPN in protocol discovery mode

Note NBAR requires more CPU power when NBAR is enabled on tunneled interfaces.

If protocol discovery is enabled on both the tunnel interface and the physical interface on which the tunnel
interface is configured, the packets that are designated to the tunnel interface are counted on both
interfaces. On the physical interface, the packets are classified and are counted based on the encapsulation.
On the tunnel interface, the packets are classified and are counted based on the L7 protocol.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

2
 NBAR Functionality
Information About Classifying Network Traffic Using NBAR

Information About Classifying Network Traffic Using NBAR

• NBAR Functionality, page 3
• NBAR Benefits, page 4
• NBAR and Classification of HTTP Traffic, page 4
• NBAR and Classification of Citrix ICA Traffic, page 6
• NBAR and RTP Payload Type Classification, page 9
• NBAR and Classification of Custom Protocols and Applications, page 9
• NBAR and Classification with Dynamic PDLMs, page 10
• NBAR and Classification of Peer-to-Peer File-Sharing Applications, page 10
• NBAR Scalability, page 11
• NBAR-Supported Protocols, page 13
• NBAR Protocol Discovery, page 80
• NBAR Protocol Discovery MIB, page 80
• NBAR Configuration Processes, page 80
• Restarting NBAR, page 81
• NBAR Protocol Pack, page 81
• NBAR and Multipacket Classification, page 81
• NBAR on VRF Interfaces, page 82
• NBAR and IPv6, page 82
• NBAR Categorization and Attributes, page 82
• How to Configure Attribute-Based Protocol Match, page 83

NBAR Functionality
NBAR is a classification engine that recognizes and classifies a wide variety of protocols and applications,
including web-based and other difficult-to-classify applications and protocols that use dynamic TCP/UDP
port assignments.
When NBAR recognizes and classifies a protocol or application, the network can be configured to apply
the appropriate QoS for that application or traffic with that protocol. The QoS is applied using the MQC.

Note For more information about the MQC, see the "Applying QoS Features Using the MQC" module.

NBAR introduces several classification features that identify applications and protocols from Layer 4
through Layer 7. These classification features are as follows:
• Statically assigned TCP and UDP port numbers.
• Non-TCP and non-UDP IP protocols.
• Dynamically assigned TCP and UDP port numbers. This kind of classification requires stateful
inspection, that is, the ability to inspect a protocol across multiple packets during packet classification.
• Subport classification or classification based on deep packet inspection, that is, classification
inspecting the packets.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

3
 NBAR Benefits
Classification of HTTP Traffic by URL Host or MIME

Note Access Control Lists (ACLs) can also be used for classifying static port protocols. However, NBAR is
easier to configure and can provide classification statistics that are not available when ACLs are used.

NBAR includes a Protocol Discovery feature that provides an easy way to discover application protocols
that are operating on an interface. For more information about Protocol Discovery, see the "Enabling
Protocol Discovery" module.

Note NBAR classifies network traffic by application or protocol. Network traffic can be classified without using
NBAR. For information about classifying network traffic without using NBAR, see the "Classifying
Network Traffic" module.

NBAR includes the Protocol Pack feature that provides an easy way to load protocols and helps NBAR
recognize additional protocols for network traffic classification. A protocol pack is set a of protocols
developed and packed together. A new protocol pack can be loaded on the router to replace the default IOS
protocol pack that is already present in the router.

NBAR Benefits
Identifying and classifying network traffic is an important first step in implementing QoS. A network
administrator can more effectively implement QoS in a networking environment after identifying the
number and types of applications and protocols that are running on a network.
NBAR gives network administrators the ability to see the different types of protocols and the amount of
traffic generated by each protocol. After NBAR gathers this information, users can organize traffic into
classes. These classes can then be used to provide different levels of service for network traffic, thereby
allowing better network management by providing the appropriate level of network resources for the
network traffic.

NBAR and Classification of HTTP Traffic

This section includes information about the following topics:
• Classification of HTTP Traffic by URL Host or MIME, page 4
• Classification of HTTP Traffic Using HTTP Header Fields, page 5
• Combinations of Classification of HTTP Headers and URL Host or MIME Type to Identify HTTP
Traffic, page 6

Classification of HTTP Traffic by URL Host or MIME

NBAR can classify application traffic by looking beyond the TCP/UDP port numbers of a packet. This is
called subport classification. NBAR looks into the TCP/UDP payload itself and classifies packets based on
content within the payload such as the transaction identifier, message type, or other similar data.
Classification of HTTP traffic by URL, host, or Multipurpose Internet Mail Extension (MIME) type is an
example of subport classification. NBAR classifies HTTP traffic by text within the URL or host fields of a
request using regular expression matching. HTTP client request matching in NBAR supports most HTTP
request methods such as GET, PUT, HEAD, POST, DELETE, OPTIONS, CONNECT, and TRACE. The
NBAR engine then converts the specified match string into a regular expression.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

4
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Classification of HTTP Traffic Using HTTP Header Fields

The figure below illustrates a network topology with NBAR in which Router Y is the NBAR-enabled
router.

When specifying a URL for classification, include only the portion of the URL that follows the
www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/
whatsnew.html, include only /latest/whatsnew.html with the match statement (for instance, match
protocol http url /latest/whatsnew.html).
Host specifications are identical to URL specifications. NBAR performs a regular expression match on the
host field contents inside an HTTP packet and classifies all packets from that host. For example, for the
URL www.cisco.com/latest/whatsnew.html, include only www.cisco.com.
For MIME type matching, the MIME type can contain any user-specified text string. A list of the Internet
Assigned Numbers Authority (IANA) supported MIME types can be found at the following URL:
http://www.iana.org/assignments/media-types/
When matching by MIME type, NBAR matches a packet containing the MIME type and all subsequent
packets until the next HTTP transaction.
NBAR supports URL and host classification in the presence of persistent HTTP. NBAR does not classify
packets that are part of a pipelined request. With pipelined requests, multiple requests are pipelined to the
server before previous requests are serviced. Pipelined requests are not supported with subclassification and
tunneled protocols that use HTTP as the transport protocol.
The NBAR Extended Inspection for HTTP Traffic feature allows NBAR to scan TCP ports that are not
well known and to identify HTTP traffic that traverses these ports. HTTP traffic classification is no longer
limited to the well-known and defined TCP ports.

Classification of HTTP Traffic Using HTTP Header Fields

NBAR introduces expanded ability for users to classify HTTP traffic using information in the HTTP header
fields.
HTTP works using a client/server model. HTTP clients open connections by sending a request message to
an HTTP server. The HTTP server then returns a response message to the HTTP client (this response
message is typically the resource requested in the request message from the HTTP client). After delivering
the response, the HTTP server closes the connection and the transaction is complete.
HTTP header fields are used to provide information about HTTP request and response messages. HTTP has
numerous header fields. For additional information on HTTP headers, see section 14 of RFC 2616:
Hypertext Transfer Protocol--HTTP/1.1. This RFC can be found at the following URL:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
NBAR is able to classify the following HTTP header fields:
• For request messages (client to server), the following HTTP header fields can be identified using
NBAR:

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

5
 NBAR and Classification of Citrix ICA Traffic
Combinations of Classification of HTTP Headers and URL Host or MIME Type to Identify HTTP Traffic

◦ User-Agent
◦ Referer
◦ From
• For response messages (server to client), the following HTTP header fields can be identified using
NBAR:
◦ Server
◦ Location
◦ Content-Base
◦ Content-Encoding

Note In Cisco IOS XE Release 3.1S and later releases, up to 56 parameters or subclassifications per protocol per
router can be specified with the match protocol http command. These parameters or subclassifications can
be a combination of any of the available match choices, such as host matches, MIME matches, server
matches, and URL matches. For other Cisco IOS XE releases and platforms, the maximum is 24 parameters
or subclassifications per protocol per router.

Within NBAR, the match protocol http c-header-field command is used to specify that NBAR identify
request messages (the "c" in the c-header-field portion of the command is for client). The match protocol
http s-header-field command is used to specify response messages (the "s" in the s-header-field portion of
the command is for server).

Note In Cisco IOS XE Release 3.1S and later releases, the c-header-field and s-header-field keywords and
associated arguments in the match protocol http command are not available. The same functionality is
achieved by using the individual keywords and arguments. For more information, see the syntax of the
match protocol http command in the Cisco IOS Quality of Service Solutions Command Reference.

Note The c-header-field performs subclassifications based on a single value in the user-agent, the referrer, or
from header field values. The s-header-field performs subclassifications based on a single value in the
server, location, content-encoding, or content-base header field values. These header field values are not
related to each other. Hence, the c-header and s-header fields are replaced by the user-agent, referrer,
from, server, content-base, content-encoding, and location parameters as per the intent and need of HTTP
subclassification.

Combinations of Classification of HTTP Headers and URL Host or MIME Type to Identify
HTTP Traffic
Note that combinations of URL, Host, MIME type, and HTTP headers can be used during NBAR
configuration. These combinations provide customers with more flexibility to classify specific HTTP traffic
based on their network requirements.

NBAR and Classification of Citrix ICA Traffic

NBAR can classify Citrix Independent Computing Architecture (ICA) traffic and perform subport
classification of Citrix traffic based on the published application name or ICA tag number.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

6
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Classification of Citrix ICA Traffic by Published Application Name

This section includes information about the following topics:

• Classification of Citrix ICA Traffic by Published Application Name, page 7
• Classification of Citrix ICA Traffic by ICA Tag Number, page 8

Classification of Citrix ICA Traffic by Published Application Name

NBAR can monitor Citrix ICA client requests for a published application destined to a Citrix ICA Master
browser. After the client requests the published application, the Citrix ICA Master browser directs the
client to the server with the most available memory. The Citrix ICA client then connects to this Citrix ICA
server for the application.

Note For Citrix to monitor and classify traffic by the published application name, Server Browser Mode on the
Master browser must be used.

In Server Browser Mode, NBAR statefully tracks and monitors traffic and performs a regular expression
search on the packet contents for the published application name specified by the match protocol citrix
command. The published application name is specified by using the app keyword and the application-
name-string argument of the match protocol citrix command. For more information about the match
protocol citrix command, see the Cisco IOS Quality of Service Solutions Command Reference.
The Citrix ICA session triggered to carry the specified application is cached, and traffic is classified
appropriately for the published application name.
• Citrix ICA Client Modes, page 7

Citrix ICA Client Modes

Citrix ICA clients can be configured in various modes. NBAR cannot distinguish among Citrix applications
in all modes of operation. Therefore, network administrators might need to collaborate with Citrix
administrators to ensure that NBAR properly classifies Citrix traffic.
A Citrix administrator can configure Citrix to publish Citrix applications individually or as the entire
desktop. In the Published Desktop mode of operation, all applications within the published desktop of a
client use the same TCP session. Therefore, differentiation among applications is impossible, and NBAR
can be used to classify Citrix applications only as aggregates (by looking at port 1494).
The Published Application mode for Citrix ICA clients is recommended when you use NBAR. In Published
Application mode, a Citrix administrator can configure a Citrix client in either seamless or nonseamless
(windows) modes of operation. In nonseamless mode, each Citrix application uses a separate TCP
connection, and NBAR can be used to provide interapplication differentiation based on the name of the
published application.
Seamless mode clients can operate in one of two submodes: session sharing or nonsession sharing. In
seamless session sharing mode, all clients share the same TCP connection, and NBAR cannot differentiate
among applications. Seamless sharing mode is enabled by default in some software releases. In seamless
nonsession sharing mode, each application for each particular client uses a separate TCP connection.
NBAR can provide interapplication differentiation in seamless nonsession sharing mode.

Note NBAR operates properly in Citrix ICA secure mode. Pipelined Citrix ICA client requests are not supported.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

7
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Classification of Citrix ICA Traffic by ICA Tag Number

Classification of Citrix ICA Traffic by ICA Tag Number

Citrix uses one TCP session each time an application is opened. In the TCP session, a variety of Citrix
traffic may be intermingled in the same session. For example, print traffic may be intermingled with
interactive traffic, causing interruption and delay for a particular application. Most users likely would
prefer that printing be handled as a background process and that printing not interfere with the processing
of higher-priority traffic.
To accommodate this preference, the Citrix ICA protocol includes the ability to identify Citrix ICA traffic
based on the ICA tag number of the packet. The ability to identify, tag, and prioritize Citrix ICA traffic is
referred to as ICA Priority Packet Tagging. With ICA Priority Packet Tagging, Citrix ICA traffic is
categorized as high, medium, low, and background, depending on the ICA tag of the packet.
When ICA traffic priority tag numbers are used, and the priority of the traffic is determined, QoS features
can be implemented to determine how the traffic will be handled. For example, QoS traffic policing can be
configured to transmit or drop packets with a specific priority.
• Citrix ICA Packet Tagging, page 8

Citrix ICA Packet Tagging

The Citrix ICA tag is included in the first two bytes of the Citrix ICA packet, after the initial negotiations
are completed between the Citrix client and server. These bytes are not compressed or encrypted.
The first two bytes of the packet (byte 1 and byte 2) contain the byte count and the ICA priority tag
number. Byte 1 contains the low-order byte count, and the first two bits of byte 2 contain the priority tags.
The other six bits contain the high-order byte count.
The ICA priority tag value can be a number from 0 to 3. The number indicates the packet priority, with 0
being the highest priority and 3 being the lowest priority.
To prioritize Citrix traffic by the ICA tag number of the packet, you must specify the tag number using the
ica-tag keyword and the ica-tag-value argument of the match protocol citrix command. For more
information about the match protocol citrix command, see the Cisco IOS Quality of Service Solutions
Command Reference .
The table below contains information about different Citrix traffic and the respective priority tags.

Table 1 Citrix ICA Packet Tagging

Priority ICA Bits (decimal) Sample Virtual Channels

High 0 Video, mouse, and keyboard
screen updates

Medium 1 Program neighborhood,

clipboard, audio mapping, and
license management

Low 2 Client common equipment

(COM) port mapping and client
drive mapping

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

8
 NBAR and RTP Payload Type Classification
Citrix ICA Packet Tagging

Priority ICA Bits (decimal) Sample Virtual Channels

Background 3 Auto client update, client printer
mapping, and original equipment
manufacturers (OEM) channels

NBAR and RTP Payload Type Classification

Real-time Transport Protocol (RTP) is a packet format for multimedia data streams. It can be used for
media-on-demand and for interactive services such as Internet telephony. RTP consists of a data part and a
control part. The control part is called Real-Time Transport Control Protocol (RTCP). RTCP is a separate
protocol that is supported by NBAR. It is important to note that the NBAR RTP Payload Type
Classification feature does not identify RTCP packets and that RTCP packets run on odd-numbered ports
and RTP packets run on even-numbered ports.
The data part of RTP is a thin protocol that provides support for applications with real-time properties such
as continuous media (audio and video), which includes timing reconstruction, loss detection, and security
and content identification. RTP is discussed in RFC 1889 (A Transport Protocol for Real-Time
Applications)and RFC 1890 (RTP Profile for Audio and Video Conferences with Minimal Control).
The RTP payload type is the data transported by RTP in a packet, for example audio samples or
compressed video data.
NBAR RTP Payload Type Classification feature not only allows real-time audio and video traffic to be
statefully identified, but can also differentiate on the basis of audio and video codecs to provide more
granular QoS. The RTP Payload Type Classification feature, therefore, looks deep into the RTP header to
classify RTP packets.
For more information on the classification of RTP with NBAR, see http://www.cisco.com/en/US/products/
ps6616/products_white_paper09186a0080110040.shtml

NBAR and Classification of Custom Protocols and Applications

NBAR supports the use of custom protocols to identify custom applications. Custom protocols support
static port-based protocols and applications that NBAR does not currently support. You can add to the set
of protocols and application types that NBAR recognizes by creating custom protocols.
Custom protocols extend the capability of NBAR Protocol Discovery to classify and monitor additional
static port applications and allow NBAR to classify nonsupported static port traffic.
Once the custom protocols are defined, you can then use them with the help of NBAR Protocol Discovery
and the MQC to classify the traffic.
With NBAR supporting the use of custom protocols, NBAR can map static TCP and UDP port numbers to
the custom protocols.
There are two types of custom protocols:
• Predefined custom protocols
• User-defined custom protocols
NBAR includes the following features related to predefined custom protocols and applications:
• Custom protocols have to be named custom-xx, with xx being a number.
• Ten custom applications can be assigned using NBAR, and each custom application can have up to 16
TCP and 16 UDP ports each mapped to an individual custom protocol. The real-time statistics of each
custom protocol can be monitored using Protocol Discovery.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

9
 NBAR and Classification with Dynamic PDLMs
Citrix ICA Packet Tagging

• When you create a custom protocol after creating a variable, you can use the match protocol
command to classify traffic on the basis of a specific value in the custom protocol.
NBAR includes the following features related to user-defined custom protocols and applications:
• The ability to inspect the payload for certain matching string patterns at a specific offset.
• The ability to allow users to define the names of their custom protocol applications. The user-named
protocol can then be used by Protocol Discovery, the Protocol Discovery MIB, the match protocol
command, and the ip nbar port-map command as an NBAR-supported protocol.
• The ability of NBAR to inspect custom protocols specified by traffic direction (that is, traffic heading
toward a source or destination rather than traffic in both directions), if desired by the user.
• CLI support that allows a user configuring a custom application to specify a range of ports rather than
to specify each port individually.
• The variable keyword, the field-name argument, and the field-length argument were added to the ip
nbar custom command.
This additional keyword and two additional arguments allow for creation of more than one custom protocol
based on the same port numbers.

Note Defining a user-defined custom protocol restarts the NBAR feature, whereas defining predefined custom
protocol does not restart the NBAR feature.

NBAR and Classification with Dynamic PDLMs

Dynamic Packet Description Language Modules (PDLM) allow new protocol support or enhance existing
protocol support for NBAR without the requirement of a Cisco IOS XE release upgrade and router reload.
If the support is for enhancing protocols for NBAR, then the module version of the PDLM should be
greater than the existing version of the PDLM. Subsequent Cisco IOS XE releases incorporate support for
these new protocols.

Note PDLMs must be loaded on both Route Processors (RPs) when using the ASR 1006 redundant hardware
setup.

Dynamic PDLMs are platform-specific and have Software Family Identifier (SFI) embedded in them.
Dynamic PDLMs of other platforms cannot be loaded on Cisco ASR 1000 Series Routers.

NBAR and Classification of Peer-to-Peer File-Sharing Applications

The following applications are the most common peer-to-peer file-sharing applications supported by
NBAR:
• BitTorrent
• DirectConnect
• eDonkey
• eMule
• FastTrack
• KazaA (and KazaA Lite and KazaA Lite Resurrection)
• Win MX
• POCO

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

10
 NBAR Scalability
Interface Scalability

In Cisco IOS XE Release 2.5 the DirectConnect and the eDonkey P2P protocols support the following
subclassifications:
• eDonkey supports the following subclassification options:
◦ file-transfer
◦ search-file-name
◦ text-chat
• KazaA, FastTrack, and Gnuetella support the file-transfer subclassification.
The Gnutella file sharing became classifiable using NBAR in Cisco IOS XE Release 2.5.
Applications that use the Gnutella protocol are Bearshare, Gnewtellium, Gnucleus, Gtk-Gnutella,
Limewire, Mutella, Phex, Qtella, Swapper, and Xolo. The traffic from the applications that use the Gnutella
protocol will be classified as Gnutella and not as the respective application.

NBAR Scalability
• Interface Scalability, page 11
• Flow Scalability, page 11
• Flow Table Sizing, page 12

Interface Scalability
In Cisco IOS XE Release 2.4 and earlier releases, there is no limit on the number of interfaces on which
protocol discovery can be enabled.
The table below provides the details of the protocol discovery supported interface and the release number.

Table 2 Release and Protocol Discovery Interface Support

Release Number of Interfaces Supported with Protocol Discovery

Cisco IOS XE Release 2.5 128

Cisco IOS XE Release 2.6 256

Cisco IOS XE Release 2.7 32

Cisco IOS XE Release 3.2S and later releases 32

Flow Scalability
In Cisco IOS XE Release 2.5, the following flows are supported:
• A maximum of 250K bidirectional flows on Edge Services Processor (ESP)10 and ESP20 hardware.
• A maximum of 125K bidirectional flows on ESP5.
If this limit is exceeded or there is a flow memory constraint, new flows will be classified as Unknown.
In Cisco IOS XE Release 3.1, the following flows are supported:
• A maximum of 125K bidirectional flows on Forwarding Processor (FP)5 platform.
• A maximum of 250K bidirectional flows on FP10, FP20, and FP40 platform.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

11
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

If this limit is exceeded or there is a flow memory constraint, new flows will be classified as Unknown.
In Cisco IOS XE Release 3.2, the following flows are supported:
• A maximum of 500K bidirectional flows on FP5/1Rack Units (RU) platform.
• A maximum of 1M bidirectional flows on 10/10/40 platform.
If this limit is exceeded or there is a flow memory constraint, new flows will be classified as Unknown.
In Cisco IOS XE Release 3.3S, the number of bidirectional flows and the platforms supported are the same
as in Cisco IOS XE Release 3.2. A new method to reduce the number of active flows based on quick aging
is introduced.
Quick aging occurs under the following conditions:
• TCP flows that do not reach the established state.
• UDP flows with fewer than five packets that are not classified within the specified quick aging
timeout.
• Flows that are not classified within the specified quick aging timeout.
The quick aging method reduces the number of flows required for NBAR operation up to three times or
more depending on the network behavior.
In Cisco IOS XE Release 3.4S, the following flows are supported:
• A default flow capacity of 500K bidirectional flows on ESP5/1Rack Units (RU) platform.
• A default flow capacity of 1M bidirectional flows on 10/20/40 platform.

Flow Table Sizing

The ip nbar resources flow max-sessions command provides the option to override the default maximum
flow sessions to be allowed in a flow table. The performance of the router with the NBAR feature depends
on the memory size and the number of flows configured for the flow table. The flexibility to change the
number of flows helps in increasing the performance of the system depending on the capacity of the router.
To verify the NBAR flow statistics, use the show ip nbar resources flow command.
The following table provides the details of the platform and the flow size limits.

Table 3 Platform and Flow Size Details

Platform Maximum number of flows Default number of flows Memory upper limit [MB] (70% of
platform memory)
ESP5/1RU 750,000 500,000 179

ESP10 1,650,000 1,000,000 358

ESP20 3,500,000 1,000,000 716

ESP40 3,500,000 1,000,000 716

The recommended number of flow configuration on all the platforms is 50,000 flows.

Note The flow size cannot be increased if the overall system memory usage is already 90%.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

12
 NBAR-Supported Protocols
Flow Table Sizing

NBAR-Supported Protocols
The match protocol(NBAR) command is used to classify traffic on the basis of protocols supported by
NBAR. NBAR can classify the following types of protocols:
• Non-UDP and non-TCP IP protocols
• TCP and UDP protocols that use statically assigned port numbers
• TCP and UDP protocols that use statically assigned port numbers, but still require stateful inspection.
• TCP and UDP protocols that dynamically assign port numbers and therefore require stateful inspection
The table below lists the NBAR-supported protocols available in Cisco IOS XE software, sorted by
category. The table also provides information about the protocol type, the well-known port numbers (if
applicable), the syntax for entering the protocol in NBAR, and the Cisco IOS XE software release in which
the protocol was initially supported. This table is updated when a protocol becomes supported in Cisco IOS
XE software.

Table 4 NBAR-Supported Protocols

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Enterprise Novadigm TCP/ UDP 3460-346 Novadigm novadigm Cisco IOS XE
Application 5 Enterprise Release 2.3
s Desktop
Manager (EDM)

Citrix (ICA, TCP/ UDP TCP: Citrix ICA citrix Cisco IOS XE
CGP, IMA, 1494, traffic Release 2.5
citrix app
SB) 2512,
2513, citrix ica-tag
2598
UDP:
1604

Oracle TCP 1525 Oracle ora-srv Cisco IOS XE

Release 2.3

PCAnywhere TCP/UDP TCP: Symantic pcanywhere Cisco IOS XE

5631, PCAnywhere Release 2.3
65301
UDP: 22,
5632

SAP TCP 3300-331 SAP Systems sap Cisco IOS XE

5 Applications Release 2.5
3200-321 Product in Data
5 processing
3600-361
5

Exchange 1 TCP 135 MS-RPC for exchange Cisco IOS XE

Exchange Release 2.5

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

13
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Routing BGP TCP/ UDP 179 Border Gateway bgp Cisco IOS XE
Protocols Protocol Release 2.3

EGP IP 8 Exterior egp Cisco IOS XE

Gateway Release 2.3
Protocol

EIGRP IP 88 Enhanced eigrp Cisco IOS XE

Interior Gateway Release 2.3
Routing Protocol

OSPF IP 89 Open Shortest ospf Cisco IOS XE

Path First Release 2.3

RIP UDP 520 Routing rip Cisco IOS XE

Information Release 2.3
Protocol

STUN-NAT TCP/UDP 3478 Session stun-nat Cisco IOS XE

Traversal Release 3.5S
Utilities for
NAT (STUN)

Database SQL-exec TCP/UDP 9088 SQL Exec sqlexec Cisco IOS XE

Release 2.3

SQL*NET TCP/ UDP 1521 SQL*NET for sqlnet Cisco IOS XE

Oracle Release 2.5

Financial FIX TCP Heuristic Financial fix Cisco IOS XE

Information Release 2.5
Exchange

Security GRE IP 47 Generic Routing gre Cisco IOS XE

and Encapsulation Release 2.3
Tunneling
IPINIP IP 4 IP in IP ipinip Cisco IOS XE
Release 2.3

IPsec IP/TCP 50, 51 IP Encapsulating ipsec Cisco IOS XE

TCP- Security Release 2.3 Cisco
Heuristic Payload/ IOS XE Release
Authentication- 3.3S
Header

L2TP UDP 1701 L2F/L2TP l2tp Cisco IOS XE

Tunnel Release 2.3

1 For Cisco IOS XE Release 2.5, Cisco supports Exchange 03 and 07 only. MS client access is recognized, but web client access is not recognized.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

14
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
PPTP TCP 1723 Point-to-Point pptp Cisco IOS XE
Tunneling Release 2.3
Protocol for
VPN

SFTP TCP 990 Secure FTP secure-ftp Cisco IOS XE

Release 2.3

SHTTP TCP 443 Secure HTTP secure-http Cisco IOS XE

Release 2.1

SIMAP TCP/ UDP 585, 993 Secure Internet secure-imap Cisco IOS XE
Message Access Release 2.3
Protocol

SIRC TCP/ UDP 994 Secure Internet secure-irc Cisco IOS XE

Relay Chat Release 2.3

SLDAP TCP/ UDP 636 Secure secure-ldap Cisco IOS XE

Lightweight Release 2.3
Directory
Access Protocol

SNNTP TCP/ UDP 563 Secure Network secure-nntp Cisco IOS XE

News Transfer Release 2.3
Protocol

SOCKS TCP 1080 Firewall socks Cisco IOS XE

Security Release 2.3
Protocol

SPOP3 TCP/ UDP 995 Secure POP3 secure-pop3 Cisco IOS XE

Release 2.3

SSH TCP 22 Secured Shell ssh Cisco IOS XE

Release 2.3

STELNET TCP 992 Secure Telnet secure-telnet Cisco IOS XE

Release 2.3

Network ICMP IP 1 Internet Control icmp Cisco IOS XE

Manageme Message Release 2.3
nt Protocol

SNMP TCP/ UDP 161, 162 Simple Network snmp Cisco IOS XE
Management Release 2.3
Protocol

Syslog UDP 514 System Logging syslog Cisco IOS XE

Utility Release 2.3

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

15
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Network Gmail Gmail and gmail | chat Cisco IOS XE
Mail Gmail-chat Release 3.5S
Services traffic

IMAP TCP/ UDP 143, 220 Internet Message imap Cisco IOS XE
Access Protocol Release 2.3

Notes TCP/ UDP 1352 Lotus Notes notes Cisco IOS XE

Release 2.3
Cisco IOS XE
Release 2.3

POP3 TCP/ UDP 110, Post Office pop3 Cisco IOS XE

Heuristic Protocol Release 2.1

SMTP TCP 25, Simple Mail smtp Cisco IOS XE

Heuristic Transfer Release 2.3
Protocol

Directory DHCP/ UDP 67, 68 Dynamic Host dhcp Cisco IOS XE

BOOTP Configuration Release 2.1
Protocol/
Bootstrap
Protocol

DNS TCP/ UDP 53 Domain Name dns Cisco IOS XE

System Release 2.1

Finger TCP 79 Finger User finger Cisco IOS XE

Information Release 2.3
Protocol

Kerberos TCP/ UDP 88, 749 Kerberos kerberos Cisco IOS XE

Network Release 2.3
Authentication
Service

LDAP TCP/ UDP 389 Lightweight ldap Cisco IOS XE

Directory Release 2.3
Access Protocol

Internet FTP TCP 21, 21000, File Transfer ftp Cisco IOS XE
Heuristic Protocol Release 2.3

Gopher TCP/ UDP 70 Internet Gopher gopher Cisco IOS XE

Protocol Release 2.3

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

16
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
HTTP TCP 80, Hypertext http Cisco IOS XE
Heuristic Transfer Release 2.1
Protocol Cisco IOS XE
Release 2.5

IRC TCP/ UDP 194 Internet Relay irc Cisco IOS XE

Chat Release 2.3

NNTP TCP/ UDP 119, Network News nntp Cisco IOS XE

Heuristic Transfer Release 2.3
Protocol

Telnet TCP 23 Telnet Protocol telnet Cisco IOS XE

Release 2.1

TFTP UDP 69 Trivial File tftp Cisco IOS XE

Transfer Release 2.5
Protocol

Signaling AppleQTC TCP/UDP 458 Apple Quick appleqtc Cisco IOS XE

Time Release 2.3

Chargen TCP/UDP 19 Character chargen Cisco IOS XE

Generator Release 2.3

ClearCase TCP/UDP 371 Clear Case clearcase Cisco IOS XE

Protocol Release 2.3
Software
Informer

Corba TCP/UDP 683, 684 Corba Internet corba-iiop Cisco IOS XE

Inter-Orb Release 2.3
Protocol (IIOP)

Daytime TCP/UDP 13 Daytime daytime Cisco IOS XE

Protocol Release 2.3

Doom TCP/UDP 666 Doom doom Cisco IOS XE

Release 2.3

Echo TCP/UDP 7 Echo Protocol echo Cisco IOS XE

Release 2.3

IBM DB2 TCP/UDP 523 IBM ibm-db2 Cisco IOS XE

Information Release 2.3
Management

IPX TCP/UDP 213 Internet Packet server-ipx Cisco IOS XE

Exchange Release 2.3

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

17
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
ISAKMP TCP/UDP 500 Internet Security isakmp Cisco IOS XE
Association and Release 2.3
Key
Management
Protocol

ISI-GL TCP/UDP 55 Interoperable isi-gl Cisco IOS XE

Self Installation Release 2.3
Graphics
Language

KLogin TCP 543 KLogin klogin Cisco IOS XE

Release 2.3

KShell TCP 544 KShell kshell Cisco IOS XE

Release 2.3

LockD TCP/UDP 4045 LockD lockd Cisco IOS XE

Release 2.3

MSSQL TCP 1433 Microsoft mssql Cisco IOS XE

Structured Release 2.3
Query Language
(SQL) Server

RSVP IP/ UDP IP: 46 Resource rsvp Cisco IOS XE

UDP: Reservation Release 2.3
1698, Protocol
1699

RPC NFS TCP/UDP 2049 Network File nfs Cisco IOS XE

System Release 2.3

Sunrpc TCP/ UDP 111, Sun Remote sunrpc Cisco IOS XE

Heuristic Procedure Call Release 2.5

Non-IP and NetBIOS TCP/ UDP TCP-137, NetBIOS over IP netbios Cisco IOS XE
LAN/ 138 (MS Windows) Release 2.3
Legacy UDP-137,
139

Nickname TCP/UDP 43 Nickname nicname Cisco IOS XE

Release 2.3

NPP TCP/UDP 92 Network npp Cisco IOS XE

Payment Release 2.3
Protocol

Voice H.323 TCP Heuristic H.323 h323 Cisco IOS XE

Teleconferencin Release 2.1
g Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

18
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
SIP TCP/UPD 5060 Session sip Cisco IOS XE
Initiation Release 2.1
Protocol

Skype2 TCP/UDP TCP-80, VoIP Client skype Cisco IOS XE

Heuristic Software Release 2.1
Cisco IOS XE
Release 2.5

RTP TCP/ UDP Heuristic Real-Time rtp Cisco IOS XE

Transport Release 2.5
Protocol Payload
Classification

Desktop CUSeeMe TCP/UDP TCP: CU-SeeMe cuseeme Cisco IOS XE

Media 7648, Desktop Video Release 2.3
7649 Conference
UDP:
24032

Streaming RTSP TCP 554, 8554 Real-Time rtsp Cisco IOS XE

Media Streaming Release 2.3
Protocol

Peer-to- BitTorrent3 TCP Heuristic, BitTorrent File bittorrent Cisco IOS XE

Peer File- or Transfer Traffic Release 2.5
Sharing 6881-688
Application 9
s
DirectConne TCP 80, Direct Connect directconnect Cisco IOS XE
ct 411-413, File Transfer Release 2.5
Heuristic Traffic

eDonkey/ TCP 80, 4662, eDonkey File- edonkey Cisco IOS XE

eMule4 Heuristic Sharing Release 2.5
Application
eMule traffic is
also classified as
eDonkey traffic
in NBAR.

eDonkey- TCP 80, 4662 Classifies some edonkey-static Cisco IOS XE

static of the edonkey Release 3.3S
traffic based on
WKP only.

2 Cisco software supports Skype 1.0, 2.5, 3.0, and 4.0. In Skype 4.0, the classification may not be complete.
3 BitTorrent classifies only unencrypted traffic.
4 eDonkey classifies only unencrypted traffic.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

19
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Encrypted TCP Heuristic P2P file sharing encrypted-emule Cisco IOS XE
Emule encrypted Release 3.4S
protocol

FastTrack N/A Heuristic FastTrack traffic fasttrack Cisco IOS XE

Release 2.5

FastTrack N/A Heuristic FastTrack Static fasttrack-static Cisco IOS XE

Static Release 3.3S

Gnutella TCP/UDP Heuristic, Gnutella traffic gnutella Cisco IOS XE

or Release 2.5
TCP-80,
6346-634
9,
6355,5634
UDP-634
6-6348

Gnutella TCP/UDP Heuristic, Gnutella networking- Cisco IOS XE

Networking or Networking gnutella Release 3.4S
UDP-634 traffic
6-6348

KaZaA TCP/ UPD Heuristic KaZaA kazaa2 Cisco IOS XE

Release 2.5
Note that earlier
KaZaA version 1
traffic can be
classified using
FastTrack.

WinMX TCP 6699 WinMX Peer-to- winmx Cisco IOS XE

Peer File- Release 2.5
Sharing

Voice and cisco-ip- Cisco Video cisco-ip-camera Cisco IOS XE

Video camera Surveillance Release 3.5S
Camera

gtalk-video Google Talk gtalk-video Cisco IOS XE

Video Call Release 3.5S

gtalk-voip Google Talk gtalk-voip Cisco IOS XE

Voice Release 3.5S

livemeeting Microsoft Office livemeeting Cisco IOS XE

Live Meeting Release 3.5S

megavideo Video Hosting megavideo Cisco IOS XE

Service Release 3.5S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

20
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
netflix Netflix Video netflix Cisco IOS XE
Release 3.5S

rtmpe Real Time rtmpe Cisco IOS XE

Messaging Release 3.5S
Protocol

viber Viber VoIP is an viber Cisco IOS XE

iPhone voice Release 3.5S
communication
application

Miscellaneo 3Com AMP3 TCP/UDP 629 3Com AMP3 3com-amp3 Cisco IOS XE
us Release 3.1S

3Com TCP/UDP 106 3Com TSMUX 3com-tsmux Cisco IOS XE

TSMUX Release 3.1S

3PC TCP/UDP 34 Third Party 3pc Cisco IOS XE

Connect Release 3.1S
Protocol

914 C/G TCP/UDP 211 Texas 914c/g Cisco IOS XE

Instruments 914 Release 3.1S
Terminal

9PFS TCP/UDP 564 Plan 9 file 9pfs Cisco IOS XE

service Release 3.1S

ACAP TCP/UDP 674 ACAP acap Cisco IOS XE

Release 3.1S

ACAS TCP/UDP 62 ACA Services acas Cisco IOS XE

Release 3.1S

AccessBuild TCP/UDP 888 Access Builder accessbuilder Cisco IOS XE

er Release 3.1S

AccessNetw TCP/UDP 699 Access Network accessnetwork Cisco IOS XE

ork Release 3.1S

ACP TCP/UDP 599 Aeolon Core acp Cisco IOS XE

Protocol Release 3.1S

ACR-NEMA TCP/UDP 104 ACR-NEMA acr-nema Cisco IOS XE

Digital Img Release 3.1S

AED-512 TCP/UDP 149 AED 512 aed-512 Cisco IOS XE

Emulation Release 3.1S
service

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

21
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Agentx TCP/UDP 705 AgentX agentx Cisco IOS XE
Release 3.1S

Alpes TCP/UDP 463 Alpes alpes Cisco IOS XE

Release 3.1S

AMInet TCP/UDP 2639 AMInet aminet Cisco IOS XE

Release 3.1S

AN TCP/UDP 107 Active Networks an Cisco IOS XE

Release 3.1S

ANET TCP/UDP 212 ATEXSSTR anet Cisco IOS XE

Release 3.1S

ANSANotify TCP/UDP 116 ANSA REX ansanotify Cisco IOS XE

Notify Release 3.1S

ANSATrader TCP/UDP 124 ansatrader ansatrader Cisco IOS XE

Release 3.1S

AODV TCP/UDP 654 AODV aodv Cisco IOS XE

Release 3.1S

Apertus-LDP TCP/UDP 539 Apertus Tech apertus-ldp Cisco IOS XE

Load Release 3.1S
Distribution

AppleQTC TCP/UDP 458 apple quick time appleqtc Cisco IOS XE

Release 3.1S

AppleQTSR TCP/UDP 545 appleqtcsrvr appleqtcsrvr Cisco IOS XE

VR Release 3.1S

Applix TCP/UDP 999 Applix ac applix Cisco IOS XE

Release 3.1S

ARCISDMS TCP/UDP 262 arcisdms arcisdms Cisco IOS XE

Release 3.1S

ARGUS TCP/UDP 13 ARGUS argus Cisco IOS XE

Release 3.1S

Ariel2 TCP/UDP 419 Ariel1 ariel1 Cisco IOS XE

Release 3.1S

Ariel2 TCP/UDP 421 Ariel2 ariel2 Cisco IOS XE

Release 3.1S

Ariel3 TCP/UDP 422 Ariel3 ariel3 Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

22
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
ARIS TCP/UDP 104 ARIS aris Cisco IOS XE
Release 3.1S

ARNS TCP/UDP 384 A remote arns Cisco IOS XE

network server Release 3.1S
system

ASA TCP/UDP 386 ASA Message asa Cisco IOS XE

router object def Release 3.1S

ASA-Appl- TCP/UDP asa-appl-proto asa-appl-proto Cisco IOS XE

502
Proto Release 3.1S

ASIPRegistr TCP/UDP 687 asipregistry asipregistry Cisco IOS XE

y Release 3.1S

ASIP- TCP/UDP 311 asip-webadmin Cisco IOS XE

AppleShare IP
Webadmin Release 3.1S
WebAdmin

AS- TCP/UDP 449 AS Server as-servermap Cisco IOS XE

Servermap Mapper Release 3.1S

AT-3 TCP/UDP 203 AppleTalk at-3 Cisco IOS XE

Unused Release 3.1S

AT-5 TCP/UDP 205 AppleTalk at-5 Cisco IOS XE

Unused Release 3.1S

AT-7 TCP/UDP AppleTalk at-7 Cisco IOS XE

207
Unused Release 3.1S

TCP/UDP 208 AppleTalk at-8 Cisco IOS XE

AT-8
Unused Release 3.1S

AT-Echo TCP/UDP 204 AppleTalk Echo at-echo Cisco IOS XE

Release 3.1S

TCP/UDP 202 at-nbp Cisco IOS XE

AT-NBP AppleTalk
Release 3.1S
Name Binding

AT-RTMP TCP/UDP 201 AppleTalk at-rtmp Cisco IOS XE

Routing Release 3.1S
Maintenance

AT-ZIS TCP/UDP 206 AppleTalk Zone at-zis Cisco IOS XE

Information Release 3.1S

TCP/UDP Unisys Audit audit Cisco IOS XE

Audit 182
SITP Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

23
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Auditd TCP/UDP 48 auditd Cisco IOS XE
Digital Audit
Release 3.1S
daemon

Aurora- TCP/UDP 364 Aurora CMGR aurora-cmgr Cisco IOS XE

CMGR Release 3.1S

AURP TCP/UDP 387 Appletalk aurp Cisco IOS XE

Update-Based Release 3.1S
Routing Protocol

AUTH TCP/UDP 113 auth Cisco IOS XE

Authentication
Release 3.1S
Service

Avian TCP/UDP 486 avian Cisco IOS XE

avian
Release 3.1S

TCP/UDP 93 AX.25 Frames ax25 Cisco IOS XE

AX25
Release 3.1S

Banyan-RPC TCP/UDP 567 Banyan-RPC banyan-rpc Cisco IOS XE

Release 3.1S

Banyan-VIP TCP/UDP 573 Banyan-VIP banyan-vip Cisco IOS XE

Release 3.1S

BBNRCCM TCP/UDP 10 BBN RCC bbnrccmon Cisco IOS XE

ON Monitoring Release 3.1S

BDP TCP/UDP 581 Bundle bdp Cisco IOS XE

Discovery Release 3.1S
protocol

BFTP TCP/UDP 152 Background File bftp Cisco IOS XE

Transfer Release 3.1S
Program

BGMP TCP/UDP 264 Border Gateway bgmp Cisco IOS XE

Multicast Release 3.1S
Protocol

BGP TCP/UDP 179 Border Gateway bgp Cisco IOS XE

Protocol Release 3.1S

BGS-NSI TCP/UDP 482 BGS-NSI bgs-nsi Cisco IOS XE

Release 3.1S

Bhevent TCP/UDP 357 Bhevent bhevent Cisco IOS XE

Release 3.1S

BHFHS TCP/UDP 248 BHFHS bhfhs Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

24
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
BHMDS TCP/UDP 310 BHMDS bhmds Cisco IOS XE
Release 3.1S

BL-IDM TCP/UDP 142 Britton Lee IDM bl-idm Cisco IOS XE

Release 3.1S

BMPP TCP/UDP 632 BMPP bmpp Cisco IOS XE

Release 3.1S

BNA TCP/UDP 49 BNA bna Cisco IOS XE

Release 3.1S

Bnet TCP/UDP 415 BNET bnet Cisco IOS XE

Release 3.1S

Borland-DSJ TCP/UDP 707 Borland-dsj borland-dsj Cisco IOS XE

Release 3.1S

BR-SAT- TCP/UDP 76 Backroom br-sat-mon Cisco IOS XE

Mon SATNET Release 3.1S
Monitoring

Cableport- TCP/UDP 282 Cable Port A/X cableport-ax Cisco IOS XE

AX Release 3.1S

Cab-Protocol TCP/UDP 595 CAB Protocol cab-protocol Cisco IOS XE

Release 3.1S

Cadlock TCP/UDP 770 Cadlock cadlock Cisco IOS XE

Release 3.1S

CAIlic TCP/UDP 216 Computer CAIlic Cisco IOS XE

Associates Intl Release 3.1S
License Server

CBT TCP/UDP 7 CBT cbt Cisco IOS XE

Release 3.1S

CDC TCP/UDP 223 Certificate cdc Cisco IOS XE

Distribution Release 3.1S
Center

CFDPTKT TCP/UDP 120 cfdptkt cfdptkt Cisco IOS XE

Release 3.1S

CFTP TCP/UDP 62 CFTP cftp Cisco IOS XE

Release 3.1S

CHAOS TCP/UDP 16 Chaos chaos Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

25
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
CharGen TCP/UDP 19 Character chargen Cisco IOS XE
Generator Release 3.1S

Cisco IOS XE Release ChShell TCP/UDP 562 ch chshell

3.1S cm
d

Cimplex TCP/UDP 673 Cimplex cimplex Cisco IOS XE

Release 3.1S

Cisco-FNA TCP/UDP 130 Cisco FNATIVE cisco-fna Cisco IOS XE

Release 3.1S

Cisco-SYS TCP/UDP 132 Cisco cisco-sys Cisco IOS XE

SYSMAINT Release 3.1S

Cisco-TDP TCP/UDP 711 Cisco TDP cisco-tdp Cisco IOS XE

Release 3.1S

Cisco-TNA TCP/UDP 131 Cisco TNATIVE cisco-tna Cisco IOS XE

Release 3.1S

Clearcase TCP/UDP 371 Clearcase clearcase Cisco IOS XE

Release 3.1S

Cloanto- TCP/UDP 356 Cloanto-net-1 cloanto-net-1 Cisco IOS XE

Net-1 Release 3.1S

CMIP-Agent TCP/UDP 164 CMIP/TCP cmip-agent Cisco IOS XE

Agent Release 3.1S

CMIP-Man TCP/UDP 163 CMIP/TCP cmip-man Cisco IOS XE

Manager Release 3.1S

Coauthor TCP/UDP 1529 Oracle coauthor Cisco IOS XE

Release 3.1S

Codaauth2 TCP/UDP 370 Codaauth2 codaauth2 Cisco IOS XE

Release 3.1S

Collaborator TCP/UDP 622 Collaborator collaborator Cisco IOS XE

Release 3.1S

Commerce TCP/UDP 542 Commerce commerce Cisco IOS XE

Release 3.1S

Compaq- TCP/UDP 110 Compaq Peer compaq-peer Cisco IOS XE

Peer Protocol Release 3.1S

Compressnet TCP/UDP 2 Management compressnet Cisco IOS XE

Utility Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

26
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
COMSCM TCP/UDP 437 COMSCM comscm Cisco IOS XE
Release 3.1S

CON TCP/UDP 759 Con con Cisco IOS XE

Release 3.1S

Conference TCP/UDP 531 Chat conference Cisco IOS XE

Release 3.1S

Connendp TCP/UDP 693 Almanid connendp Cisco IOS XE

Connection Release 3.1S
Endpoint

ContentServ TCP/UDP 3365 Contentserver contentserver Cisco IOS XE

er Release 3.1S

CoreRJD TCP/UDP 284 Corerjd corerjd Cisco IOS XE

Release 3.1S

Courier TCP/UDP 530 RPC courier Cisco IOS XE

Release 3.1S

Covia TCP/UDP 64 Communications covia Cisco IOS XE

Integrator Release 3.1S

CPHB TCP/UDP 73 Computer cphb Cisco IOS XE

Protocol Heart Release 3.1S
Beat

CPNX TCP/UDP 72 Computer cpnx Cisco IOS XE

Protocol Release 3.1S
Network
Executive

Creativepart TCP/UDP 455 Creativepartnr creativepartnr Cisco IOS XE

nr Release 3.1S

Creativeserv TCP/UDP 453 Creativeserver creativeserver Cisco IOS XE

er Release 3.1S

CRS TCP/UDP 507 CRS crs Cisco IOS XE

Release 3.1S

CRTP TCP/UDP 126 Combat Radio crtp Cisco IOS XE

Transport Release 3.1S
Protocol

CRUDP TCP/UDP 127 Combat Radio crudp Cisco IOS XE

User Datagram Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

27
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
CryptoAdmi TCP/UDP 624 Crypto Admin cryptoadmin Cisco IOS XE
n Release 3.1S

CSI-SGWP TCP/UDP 348 Cabletron csi-sgwp Cisco IOS XE

Management Release 3.1S
Protocol

CSNET-NS TCP/UDP 105 Mailbox Name csnet-ns Cisco IOS XE

Nameserver Release 3.1S

CTF TCP/UDP 84 Common Trace ctf Cisco IOS XE

Facility Release 3.1S

CUSTIX TCP/UDP 528 Customer custix Cisco IOS XE

Ixchange Release 3.1S

CVC_Hostd TCP/UDP 442 CVC_Hostd cvc_hostd Cisco IOS XE

Release 3.1S

Cybercash TCP/UDP 551 Cybercash cybercash Cisco IOS XE

Release 3.1S

Cycleserv TCP/UDP 763 Cycleserv cycleserv Cisco IOS XE

Release 3.1S

Cycleserv2 TCP/UDP 772 Cycleserv2 cycleserv2 Cisco IOS XE

Release 3.1S

Dantz TCP/UDP 497 Dantz dantz Cisco IOS XE

Release 3.1S

DASP TCP/UDP 439 Dasp dasp Cisco IOS XE

Release 3.1S

DataSurfSR TCP/UDP 461 DataRamp Svr datasurfsrv Cisco IOS XE

V Release 3.1S

DataSurfSR TCP/UDP 462 DataRamp Svr datasurfsrvsec Cisco IOS XE

VSec svs Release 3.1S

Datex-ASN TCP/UDP 355 datex-asn datex-asn Cisco IOS XE

Release 3.1S

Daytime TCP/UDP 13 Daytime (RFC daytime Cisco IOS XE

867) Release 3.1S

Dbase TCP/UDP 217 dBASE Unix dbase Cisco IOS XE

Release 3.1S

DCCP TCP/UDP 33 Datagram dccp Cisco IOS XE

Congestion Release 3.1S
Control Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

28
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
DCN-Meas TCP/UDP 19 DCN dcn-meas Cisco IOS XE
Measurement Release 3.1S
Subsystems

DCP TCP/UDP 93 Device Control dcp Cisco IOS XE

Protocol Release 3.1S

DCTP TCP/UDP 675 DCTP dctp Cisco IOS XE

Release 3.1S

DDM-DFM TCP/UDP 447 DDM ddm-dfm Cisco IOS XE

Distributed File Release 3.1S
management

DDM-RDB TCP/UDP 446 DDM-Remote ddm-rdb Cisco IOS XE

Relational Release 3.1S
Database Access

DDM-SSL TCP/UDP 448 DDM-Remote ddm-ssl Cisco IOS XE

DB Access Release 3.1S
Using Secure
Sockets

DDP TCP/UDP 37 Datagram ddp Cisco IOS XE

Delivery Release 3.1S
Protocol

DDX TCP/UDP 116 D-II Data ddx Cisco IOS XE

Exchange Release 3.1S

DEC_DLM TCP/UDP 625 dec_dlm dec_dlm Cisco IOS XE

Release 3.1S

Decap TCP/UDP 403 Decap decap Cisco IOS XE

Release 3.1S

Decauth TCP/UDP 316 Decauth decauth Cisco IOS XE

Release 3.1S

Decbsrv TCP/UDP 579 Decbsrv decbsrv Cisco IOS XE

Release 3.1S

Decladebug TCP/UDP 410 DECLadebug decladebug Cisco IOS XE

Remote Debug Release 3.1S
Protocol

Decvms- TCP/UDP 441 Decvms-sysmgt decvms-sysmgt Cisco IOS XE

sysmgt Release 3.1S

DEI-ICDA TCP/UDP 618 dei-icda dei-icda Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

29
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
DEOS TCP/UDP 76 Distributed deos Cisco IOS XE
External Object Release 3.1S
Store

Device TCP/UDP 801 Device device Cisco IOS XE

Release 3.1S

DGP TCP/UDP 86 Dissimilar dgp Cisco IOS XE

Gateway Release 3.1S
Protocol

DHCP- TCP/UDP 647 DHCP Failover dhcp-failover Cisco IOS XE

Failover Release 3.1S

DHCP- TCP/UDP 847 dhcp-failover2 dhcp-failover2 Cisco IOS XE

Failover2 Release 3.1S

DHCPv6- TCP/UDP 546 DHCPv6 Client dhcpv6-client Cisco IOS XE

client Release 3.1S

DHCPv6- TCP/UDP 547 DHCPv6 Server dhcpv6-server Cisco IOS XE

server Release 3.1S

Dicom TCP/UDP Heuristic Digital Imaging dicom Cisco IOS XE

and Release 3.3S
Communications
in Medicine

Digital-VRC TCP/UDP 466 digital-vrc digital-vrc Cisco IOS XE

Release 3.1S

Directplay TCP/UDP 2234 DirectPlay directplay Cisco IOS XE

Release 3.1S

Directplay8 TCP/UDP 6073 DirectPlay8 directplay8 Cisco IOS XE

Release 3.1S

Directv- TCP/UDP 3337 Direct TV Data directv-catlg Cisco IOS XE

Catlg Catalog Release 3.1S

Directv-Soft TCP/UDP 3335 Direct TV directv-soft Cisco IOS XE

Software Release 3.1S
Updates

Directv-Tick TCP/UDP 3336 Direct TV directv-tick Cisco IOS XE

Tickers Release 3.1S

Directv-Web TCP/UDP 3334 Direct TV directv-web Cisco IOS XE

Webcasting Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

30
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Discard TCP/UDP 9 Discard discard Cisco IOS XE
Release 3.1S

Disclose TCP/UDP 667 campaign disclose Cisco IOS XE

contribution Release 3.1S
disclosures

Dixie TCP/UDP 96 DIXIE Protocol dixie Cisco IOS XE

Specification Release 3.1S

DLS TCP/UDP Directory dls Cisco IOS XE

Location Service Release 3.1S

DLS-Mon TCP/UDP 198 Directory dls-mon Cisco IOS XE

Location Service Release 3.1S
Monitor

DN6-NLM- TCP/UDP 195 DNSIX Network dn6-nlm-aud Cisco IOS XE

AUD Level Module Release 3.1S
Audit

DNA-CML TCP/UDP 436 DNA-CML dna-cml Cisco IOS XE

Release 3.1S

DNS TCP/UDP 53 Domain Name dns Cisco IOS XE

Server lookup Release 3.1S

DNSIX TCP/UDP 90 DNSIX Security dnsix Cisco IOS XE

Attribute Token Release 3.1S
Map

DOOM TCP/UDP 666 Doom Id doom Cisco IOS XE

Software Release 3.1S

DPSI TCP/UDP 315 DPSI dpsi Cisco IOS XE

Release 3.1S

DSFGW TCP/UDP 438 DSFGW dsfgw Cisco IOS XE

Release 3.1S

DSP TCP/UDP 33 Display Support dsp Cisco IOS XE

Protocol Release 3.1S

DSP3270 TCP/UDP 246 Display Systems dsp3270 Cisco IOS XE

Protocol Release 3.1S

DSR TCP/UDP 48 Dynamic Source dsr Cisco IOS XE

Routing Protocol Release 3.1S

DTAG-DTE- TCP/UDP 352 DTAG dtag-ste-sb Cisco IOS XE

SB Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

31
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Cisco IOS XE Release DTK TCP/UDP 365 DT dtk
3.1S K

DWR TCP/UDP 644 DWR dwr Cisco IOS XE

Release 3.1S

Echo TCP/UDP 7 Echo echo Cisco IOS XE

Release 3.1S

EGP TCP/UDP 8 Exterior egp Cisco IOS XE

Gateway Release 3.1S
Protocol

EIGRP TCP/UDP 88 Enhanced eigrp Cisco IOS XE

Interior Gateway Release 3.1S
Routing Protocol

ELCSD TCP/UDP 704 errlog copy/ elcsd Cisco IOS XE

server daemon Release 3.1S

EMBL-NDT TCP/UDP 394 EMBL Nucleic embl-ndt Cisco IOS XE

Data Transfer Release 3.1S

EMCON TCP/UDP 14 EMCON emcon Cisco IOS XE

Release 3.1S

EMFIS- TCP/UDP 141 EMFIS Control emfis-cntl Cisco IOS XE

CNTLl Service Release 3.1S

EMFIS-Data TCP/UDP 140 EMFIS Data emfis-data Cisco IOS XE

Service Release 3.1S

Encap TCP/UDP 98 Encapsulation encap Cisco IOS XE

Header Release 3.1S

Encrypted TCP Heuristic Encrypted encrypted- Cisco IOS XE

BitTorrent BitTorrent bittorrent Release 3.4S

Entomb TCP/UDP 775 Entomb entomb Cisco IOS XE

Release 3.1S

Entrust- TCP/UDP 680 Entrust-aaas entrust-aaas Cisco IOS XE

AAAS Release 3.1S

Entrust- TCP/UDP 681 Entrust-aams entrust-aams Cisco IOS XE

AAMS Release 3.1S

Entrust-ASH TCP/UDP 710 Entrust entrust-ash Cisco IOS XE

Administration Release 3.1S
Service Handler

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

32
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Entrust- TCP/UDP 709 Entrust Key entrust-kmsh Cisco IOS XE
KMSH Management Release 3.1S
Service Handler

Entrust-SPS TCP/UDP 640 entrust-sps entrust-sps Cisco IOS XE

Release 3.1S

ERPC TCP/UDP 121 Encore erpc Cisco IOS XE

Expedited Release 3.1S
Remote Pro.Call

ESCP-IP TCP/UDP 621 escp-ip escp-ip Cisco IOS XE

Release 3.1S

ESRO-GEN TCP/UDP 259 Efficient Short esro-gen Cisco IOS XE

Remote Release 3.1S
Operations

ESRP- TCP/UDP 642 ESRO-EMSDP esro-emsdp Cisco IOS XE

EMSDP V1.3 Release 3.1S

EtherIP TCP/UDP 97 Ethernet-within- etherip Cisco IOS XE

IP Encapsulation Release 3.1S

Eudora-Set TCP/UDP 592 Eudora Set eudora-set Cisco IOS XE

Release 3.1S

EXEC TCP/UDP 512 remote process exec Cisco IOS XE

execution Release 3.1S

Fatserv TCP/UDP 347 Fatmen Server fatserv Cisco IOS XE

Release 3.1S

FC TCP/UDP 133 Fibre Channel fc Cisco IOS XE

Release 3.1S

FCP TCP/UDP 510 FirstClass fcp Cisco IOS XE

Protocol Release 3.1S

Finger TCP/UDP 79 Finger finger Cisco IOS XE

Release 3.1S

FIRE TCP/UDP 125 FIRE fire Cisco IOS XE

Release 3.1S

FlexLM TCP/UDP 744 Flexible License flexlm Cisco IOS XE

Manager Release 3.1S

FLN-SPX TCP/UDP 221 Berkeley rlogind fln-spx Cisco IOS XE

with SPX auth Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

33
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
FTP-Agent TCP/UDP 574 FTP Software ftp-agent Cisco IOS XE
Agent System Release 3.1S

FTP-Data TCP/UDP 20 FTP-Data ftp-data Cisco IOS XE

Release 3.1S

FTPS-Data TCP/UDP 989 ftp protocol, ftps-data Cisco IOS XE

data, over Release 3.1S
TLS/SSL

Fujitsu-Dev TCP/UDP 747 Fujitsu Device fujitsu-dev Cisco IOS XE

Control Release 3.1S

GACP TCP/UDP 190 Gateway Access gacp Cisco IOS XE

Control Protocol Release 3.1S

GDOMAP TCP/UDP 538 gdomap gdomap Cisco IOS XE

Release 3.1S

Genie TCP/UDP 402 Genie Protocol genie Cisco IOS XE

Release 3.1S

Genrad- TCP/UDP 176 Genrad-mux genrad-mux Cisco IOS XE

MUX Release 3.1S

GGF-NCP TCP/UDP 678 GNU Generation ggf-ncp Cisco IOS XE

Foundation NCP Release 3.1S

GGP TCP/UDP 3 Gateway-to- ggp Cisco IOS XE

Gateway Release 3.1S

Ginad TCP/UDP 634 ginad ginad Cisco IOS XE

Release 3.1S

GMTP TCP/UDP 100 GMTP gmtp Cisco IOS XE

Release 3.1S

Go-Login TCP/UDP 491 Go-login go-login Cisco IOS XE

Release 3.1S

Gopher TCP/UDP 70 Gopher gopher Cisco IOS XE

Release 3.1S

Graphics TCP/UDP 41 Graphics graphics Cisco IOS XE

Release 3.1S

GRE TCP/UDP 47 General Routing gre Cisco IOS XE

Encapsulation Release 3.1S

GRIDFTP - - File Transfer gridftp Cisco IOS XE

Protocol over the Release 3.5S
Grid

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

34
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Groove TCP/UDP 2492 Groove groove Cisco IOS XE
Release 3.1S

GSS-HTTP TCP/UDP 488 gss-http gss-http Cisco IOS XE

Release 3.1S

GSS- TCP/UDP 128 GNU Generation gss-xlicen Cisco IOS XE

XLICEN Foundation NCP Release 3.1S

gtalk-chat - - Instant gtalk-chat Cisco IOS XE

messaging Release 3.5S
between Google
Talk servers and
its clients

GTP-User TCP/UDP 2152 GTP-User Plane gtp-user Cisco IOS XE

Release 3.1S

HA-Cluster TCP/UDP 694 ha-cluster ha-cluster Cisco IOS XE

Release 3.1S

HAP TCP/UDP 661 hap hap Cisco IOS XE

Release 3.1S

Hassle TCP/UDP 375 Hassle hassle Cisco IOS XE

Release 3.1S

HCP- TCP/UDP 686 Hardware hcp-wismar Cisco IOS XE

Wismar Control Protocol Release 3.1S
Wismar

HDAP TCP/UDP 263 hdap hdap Cisco IOS XE

Release 3.1S

Hello-port TCP/UDP 652 HELLO_PORT hello-port Cisco IOS XE

Release 3.1S

HEMS TCP/UDP 151 hems hems Cisco IOS XE

Release 3.1S

HIP TCP/UDP 139 Host Identity hip Cisco IOS XE

Protocol Release 3.1S

HMMP-IND TCP/UDP 612 HMMP hmmp-ind Cisco IOS XE

Indication Release 3.1S

HMMP-OP TCP/UDP 613 HMMP hmmp-op Cisco IOS XE

Operation Release 3.1S

HMP TCP/UDP 20 Host Monitoring hmp Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

35
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
HOPOPT TCP/UDP 0 IPv6 Hop-by- hopopt Cisco IOS XE
Hop Option Release 3.1S

Hostname TCP/UDP 101 NIC Host Name hostname Cisco IOS XE

Server Release 3.1S

HP-Alarm- TCP/UDP 383 HP performance hp-alarm-mgr Cisco IOS XE

Mgr data alarm Release 3.1S
manager

HP-Collector TCP/UDP 381 HP performance hp-collector Cisco IOS XE

data collector Release 3.1S

HP- TCP/UDP 382 HP performance hp-managed-node Cisco IOS XE

Managed- data managed Release 3.1S
Node node

HTTP-ALT TCP/UDP 8080 HTTP Alternate http-alt Cisco IOS XE

Release 3.1S

HTTP-Mgmt TCP/UDP 280 http-mgmt http-mgmt Cisco IOS XE

Release 3.1S

HTTP-RPC- TCP/UDP 593 HTTP RPC Ep http-rpc-epmap Cisco IOS XE

EPMAP Map Release 3.1S

Hybrid-POP TCP/UDP 473 Hybrid-pop hybrid-pop Cisco IOS XE

Release 3.1S

Hyper-G TCP/UDP 418 Hyper-g hyper-g Cisco IOS XE

Release 3.1S

Hyperwave- TCP/UDP 692 Hyperwave-isp hyperwave-isp Cisco IOS XE

ISP Release 3.1S

IAFDBase TCP/UDP 480 iafdbase iafdbase Cisco IOS XE

Release 3.1S

IAFServer TCP/UDP 479 iafserver iafserver Cisco IOS XE

Release 3.1S

IASD TCP/UDP 432 iasd iasd Cisco IOS XE

Release 3.1S

IATP TCP/UDP 117 Interactive iatp Cisco IOS XE

Agent Transfer Release 3.1S
Protocol

IBM-App 385 IBM Application ibm-app Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

36
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
IBM-DB2 TCP/UDP 523 IBM-DB2 ibm-db2 Cisco IOS XE
Release 3.1S

IBProtocol TCP/UDP 6714 Internet ibprotocol Cisco IOS XE

Backplane Release 3.1S
Protocol

ICLCNet- TCP/UDP 886 ICL coNETion iclcnet-locate Cisco IOS XE

Locate locate server Release 3.1S

ICLNet_SVI TCP/UDP 887 ICL coNETion iclcnet_svinfo Cisco IOS XE

nfo server info Release 3.1S

ICMP TCP/UDP 1 Internet Control icmp Cisco IOS XE

Message Release 3.1S

IDFP TCP/UDP 549 idfp idfp Cisco IOS XE

Release 3.1S

IDPR TCP/UDP 35 Inter-Domain idpr Cisco IOS XE

Policy Routing Release 3.1S
Protocol

IDPRr- TCP/UDP 38 IDPR Control idpr-cmtp Cisco IOS XE

CMTP Message Release 3.1S
Transport
Protocol

IDRP TCP/UDP 45 Inter-Domain idrp Cisco IOS XE

Routing Protocol Release 3.1S

IEEE-MMS TCP/UDP 651 ieee-mms ieee-mms Cisco IOS XE

Release 3.1S

IEEE-MMS- TCP/UDP 695 ieee-mms-ssl ieee-mms-ssl Cisco IOS XE

SSL Release 3.1S

IFMP TCP/UDP 101 Ipsilon Flow ifmp Cisco IOS XE

Management Release 3.1S
Protocol

IGRP TCP/UDP 9 Cisco interior igrp Cisco IOS XE

gateway Release 3.1S

IIOP TCP/UDP 535 iiop iiop Cisco IOS XE

Release 3.1S

IL TCP/UDP 40 IL Transport il Cisco IOS XE

Protocol Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

37
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
IMSP TCP/UDP 406 Interactive Mail imsp Cisco IOS XE
Support Protocol Release 3.1S

InBusiness TCP/UDP 244 Inbusiness inbusiness Cisco IOS XE

Release 3.1S

Infoseek TCP/UDP 414 InfoSeek infoseek Cisco IOS XE

Release 3.1S

Ingres-Net TCP/UDP 134 INGRES-NET ingres-net Cisco IOS XE

Service Release 3.1S

I-NLSP TCP/UDP 52 Integrated Net i-nlsp Cisco IOS XE

Layer Security Release 3.1S
TUBA

Intecourier TCP/UDP 495 Intecourier intecourier Cisco IOS XE

Release 3.1S

Integra-SME TCP/UDP 484 Integra Software integra-sme Cisco IOS XE

Management Release 3.1S
Environment

Intrinsia TCP/UDP 503 intrinsa intrinsa Cisco IOS XE

Release 3.1S

IPCD TCP/UDP 576 ipcd ipcd Cisco IOS XE

Release 3.1S

IPComp TCP/UDP 108 IP Payload ipcomp Cisco IOS XE

Compression Release 3.1S
Protocol

IPCServer TCP/UDP 600 Sun IPC server ipcserver Cisco IOS XE

Release 3.1S

IPCV TCP/UDP 71 Internet Packet ipcv Cisco IOS XE

Core Utility Release 3.1S

IPDD TCP/UDP 578 ipdd ipdd Cisco IOS XE

Release 3.1S

IPINIP TCP/UDP 4 IP in IP ipinip Cisco IOS XE

Release 3.1S

IPIP TCP/UDP 94 IP-within-IP ipip Cisco IOS XE

Encapsulation Release 3.1S
Protocol

IPLT TCP/UDP 129 IPLT iplt Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

38
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
IPP TCP/UDP 631 Internet Printing ipp Cisco IOS XE
Protocol Release 3.1S

IPPC TCP/UDP 67 Internet Pluribus ippc Cisco IOS XE

Packet Core Release 3.1S

Ipv6-Frag TCP/UDP 44 Fragment ipv6-frag Cisco IOS XE

Header for IPv6 Release 3.1S

Ipv6-ICMP TCP/UDP 58 ICMP for IPv6 ipv6-icmp Cisco IOS XE

Release 3.1S

Ipv6INIP TCP/UDP 41 Ipv6 ipv6inip Cisco IOS XE

encapsulated Release 3.1S

ipv6-NonXT TCP/UDP 59 No Next Header ipv6-nonxt Cisco IOS XE

for IPv6 Release 3.1S

Ipv6-OPTS TCP/UDP 60 Destination ipv6-opts Cisco IOS XE

Options for IPv6 Release 3.1S

Ipv6-Route TCP/UDP 43 Routing Header ipv6-route Cisco IOS XE

for IPv6 Release 3.1S

IRC TCP/UDP 194 Internet Relay irc Cisco IOS XE

Chat Release 3.1S

IRC-SERV TCP/UDP 529 IRC-SERV irc-serv Cisco IOS XE

Release 3.1S

IRTP TCP/UDP 28 Internet Reliable irtp Cisco IOS XE

Transaction Release 3.1S

IS99C TCP/UDP 379 TIA/EIA/IS-99 is99c Cisco IOS XE

modem client Release 3.1S

IS99S TCP/UDP 380 TIA/EIA/IS-99 is99s Cisco IOS XE

modem server Release 3.1S

ISAKMP UDP 500, 4500 Internet Security isakmp Cisco IOS XE

Association & Release 3.1S
Key
Management
Protocol

ISI-GI TCP/UDP 55 ISI Graphics isi-gl Cisco IOS XE

Language Release 3.1S

ISIS TCP/UDP 124 ISIS over IPv4 isis Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

39
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
ISO-ILL TCP/UDP 499 ISO ILL iso-ill Cisco IOS XE
Protocol Release 3.1S

ISO-IP TCP/UDP 147 iso-ip iso-ip Cisco IOS XE

Release 3.1S

ISO-TP0 TCP/UDP 146 iso-tp0 iso-tp0 Cisco IOS XE

Release 3.1S

ISO-TP4 TCP/UDP 29 ISO Transport iso-tp4 Cisco IOS XE

Protocol Class 4 Release 3.1S

ISO-TSAP TCP/UDP 102 ISO-TSAP Class iso-tsap Cisco IOS XE

0 Release 3.1S

ISO-TSAP- TCP/UDP 399 ISO Transport iso-tsap-c2 Cisco IOS XE

C2 Class 2 Non- Release 3.1S
Control

ITM- TCP/UDP 828 itm-mcell-s itm-mcell-s Cisco IOS XE

MCELL-S Release 3.1S

IXP-IN-IP TCP/UDP 111 IPX in IP ixp-in-ip Cisco IOS XE

Release 3.1S

Jargon TCP/UDP 148 Jargon jargon Cisco IOS XE

Release 3.1S

Kali TCP/UDP 2213 Kali kali Cisco IOS XE

Release 3.1S
K-Block TCP/UDP 287 K-block k-block Cisco IOS XE
Release 3.1S

Keyserver TCP/UDP 584 Key Server keyserver Cisco IOS XE

Release 3.1S

KIS TCP/UDP 186 KIS Protocol kis Cisco IOS XE

Release 3.1S

Klogin TCP/UDP 543 klogin klogin Cisco IOS XE

Release 3.1S

Knet-CMP TCP/UDP 157 KNET/VM knet-cmp Cisco IOS XE

Command/ Release 3.1S
Message
Protocol

Konspire2b TCP/UDP 6085 Konspire2b p2p Konspire2b Cisco IOS XE

network Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

40
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Kpasswd TCP/UDP 464 Kpasswd kpasswd Cisco IOS XE
Release 3.1S

Kryptolan TCP/UDP 398 Kryptolan kryptolan Cisco IOS XE

Release 3.1S

Kshell TCP/UDP 544 Kshell kshell Cisco IOS XE

Release 3.1S

L2TP TCP/UDP 1701 l2tp l2tp Cisco IOS XE

Release 3.1S

LA-Maint TCP/UDP 51 IMP Logical la-maint Cisco IOS XE

Address Release 3.1S
Maintenance

LANServer TCP/UDP 637 lanserver lanserver Cisco IOS XE

Release 3.1S

LARP TCP/UDP 91 Locus Address larp Cisco IOS XE

Resolution Release 3.1S
Protocol

LDAP TCP/UDP 389 Lightweight ldap Cisco IOS XE

Directory Release 3.1S
Access Protocol

LDP TCP/UDP 646 LDP ldp Cisco IOS XE

Release 3.1S

Leaf-1 TCP/UDP 25 Leaf-1 leaf-1 Cisco IOS XE

Release 3.1S

Leaf-2 TCP/UDP 26 Leaf-2 leaf-2 Cisco IOS XE

Release 3.1S

Legent-1 TCP/UDP 373 Legent legent-1 Cisco IOS XE

Corporation Release 3.1S

Legent-2 TCP/UDP 374 Legent legent-2 Cisco IOS XE

Corporation Release 3.1S

LJK-Login TCP/UDP 472 ljk-login ljk-login Cisco IOS XE

Release 3.1S

Lockd TCP/UDP 4045 NFS Lock lockd Cisco IOS XE

Daemon Release 3.1S
Manager

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

41
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Locus-Con TCP/UDP 127 Locus PC- locus-con Cisco IOS XE
Interface Conn Release 3.1S
Server

Locus-Map TCP/UDP 125 Locus PC- locus-map Cisco IOS XE

Interface Net Release 3.1S
Map Ser

MAC- TCP/UDP 660 MacOS Server mac-srvr-admin Cisco IOS XE

SRVR- Admin Release 3.1S
Admin

Magenta- TCP/UDP 313 Magenta-logic magenta-logic Cisco IOS XE

Logic Release 3.1S

Mailbox-LM TCP/UDP 505 Mailbox-lm mailbox-lm Cisco IOS XE

Release 3.1S

Mailq TCP/UDP 174 MAILQ mailq Cisco IOS XE

Release 3.1S

Maitrd TCP/UDP 997 Maitrd maitrd Cisco IOS XE

Release 3.1S

MANET TCP/UDP 138 MANET manet Cisco IOS XE

Protocols Release 3.1S

MasqDialer TCP/UDP 224 Masqdialer masqdialer Cisco IOS XE

Release 3.1S

Matip-Type- TCP/UDP 350 MATIP Type A matip-type-a Cisco IOS XE

A Release 3.1S

Matip-Type- TCP/UDP 351 MATIP Type B matip-type-b Cisco IOS XE

B Release 3.1S

MCIDAS TCP/UDP 112 McIDAS Data mcidas Cisco IOS XE

Transmission Release 3.1S
Protocol

MCNS-Sec TCP/UDP 638 mcns-sec mcns-sec Cisco IOS XE

Release 3.1S

MDC- TCP/UDP 685 mdc-portmapper mdc-portmapper Cisco IOS XE

Portmapper Release 3.1S

MeComm TCP/UDP 668 MeComm mecomm Cisco IOS XE

Release 3.1S

MeRegister TCP/UDP 669 MeRegister meregister Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

42
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Merit-INP TCP/UDP 32 MERIT merit-inp Cisco IOS XE
Internodal Release 3.1S
Protocol

Meta5 TCP/UDP 393 Meta5 meta5 Cisco IOS XE

Release 3.1S

Metagram TCP/UDP 99 Metagram metagram Cisco IOS XE

Release 3.1S

Meter TCP/UDP 570 Meter meter Cisco IOS XE

Release 3.1S

Mfcobol TCP/UDP 86 Micro Focus mfcobol Cisco IOS XE

Cobol Release 3.1S

MFE-NSP TCP/UDP 31 MFE Network mfe-nsp Cisco IOS XE

Services Release 3.1S
Protocol

MFTP TCP/UDP 349 mftp mftp Cisco IOS XE

Release 3.1S

Micom-PFS TCP/UDP 490 Micom-pfs micom-pfs Cisco IOS XE

Release 3.1S

MICP TCP/UDP 95 Mobile micp Cisco IOS XE

Internetworking Release 3.1S
Control Pro.

Micromuse- TCP/UDP 1534 micromuse-lm micromuse-lm Cisco IOS XE

LM Release 3.1S

MIT-DOV TCP/UDP 91 MIT Dover mit-dov Cisco IOS XE

Spooler Release 3.1S

MIT-ML- TCP/UDP 83 MIT ML Device mit-ml-dev Cisco IOS XE

Dev Release 3.1S

Mobile TCP/UDP 55 IP Mobility mobile Cisco IOS XE

Release 3.1S

MobileIP- TCP/UDP 434 mobileip-agent mobileip-agent Cisco IOS XE

Agent Release 3.1S

MobilIP-MN TCP/UDP 435 mobilip-mn mobilip-mn Cisco IOS XE

Release 3.1S

Mondex TCP/UDP 471 Mondex mondex Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

43
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Monitor TCP/UDP 561 Monitor monitor Cisco IOS XE
Release 3.1S

Mortgagewar TCP/UDP 367 Mortgageware mortgageware Cisco IOS XE

e Release 3.1S

MPLS-IN-IP TCP/UDP 137 MPLS-in-IP mpls-in-ip Cisco IOS XE

Release 3.1S

MPM TCP/UDP 45 Message mpm Cisco IOS XE

Processing Release 3.1S
Module

MPM-Flags TCP/UDP 44 MPM FLAGS mpm-flags Cisco IOS XE

Protocol Release 3.1S

MPM-SND TCP/UDP 46 MPM [default mpm-snd Cisco IOS XE

send] Release 3.1S

MPP TCP/UDP 218 Netix Message mpp Cisco IOS XE

Posting Protocol Release 3.1S

MPTN TCP/UDP 397 Multi Protocol mptn Cisco IOS XE

Transport Release 3.1S
Network

MRM TCP/UDP 679 mrm mrm Cisco IOS XE

Release 3.1S

MSDP TCP/UDP 639 msdp msdp Cisco IOS XE

Release 3.1S

MSExch- TCP/UDP 691 MS Exchange msexch-routing Cisco IOS XE

Routing Routing Release 3.1S

MSFT-GC TCP/UDP 3268 Microsoft msft-gc Cisco IOS XE

Global Catalog Release 3.1S

MSFT-GC- TCP/UDP 3269 Microsoft msft-gc-ssl Cisco IOS XE

SSL Global Catalog Release 3.1S
with LDAP/SSL

MSG-AUTH TCP/UDP 31 msg-auth msg-auth Cisco IOS XE

Release 3.1S

MSG-ICP TCP/UDP 29 msg-icp msg-icp Cisco IOS XE

Release 3.1S

MSNP TCP/UDP 1863 msnp msnp Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

44
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
MS-OLAP TCP/UDP 2393 Microsoft OLAP ms-olap Cisco IOS XE
Release 3.1S

MSP TCP/UDP 18 Message Send msp Cisco IOS XE

Protocol Release 3.1S

MS-Rome TCP/UDP 569 Microsoft rome ms-rome Cisco IOS XE

Release 3.1S

MS-Shuttle TCP/UDP 568 Microsoft shuttle ms-shuttle Cisco IOS XE

Release 3.1S

MS-wbt TCP 3389/ Microsoft ms-wbt Cisco IOS XE

Heuristic Windows-based Release 3.4S
Terminal
Services

MS-SQLl-M TCP/UDP 1434 Microsoft-SQL- ms-sql-m Cisco IOS XE

Monitor Release 3.1S

MTP TCP/UDP 92 Multicast mtp Cisco IOS XE

Transport Release 3.1S
Protocol

Multiling- TCP/UDP 777 Multiling HTTP multiling-http Cisco IOS XE

HTTP Release 3.1S

Multiplex TCP/UDP 171 Network multiplex Cisco IOS XE

Innovations Release 3.1S
Multiplex

Mumps TCP/UDP 188 Plus Fives mumps Cisco IOS XE

MUMPS Release 3.1S

MUX TCP/UDP 18 Multiplexing mux Cisco IOS XE

Release 3.1S

Mylex- TCP/UDP 467 mylex-mapd mylex-mapd Cisco IOS XE

MAPD Release 3.1S

MySQL TCP/UDP 3306 MySQL mysql Cisco IOS XE

Release 3.1S

Name TCP/UDP 42 Host Name name Cisco IOS XE

Server Release 3.1S

NAMP TCP/UDP 167 namp namp Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

45
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
NARP TCP/UDP 54 NBMA Address narp Cisco IOS XE
Resolution Release 3.1S
Protocol

NAS TCP/UDP 991 Netnews nas Cisco IOS XE

Administration Release 3.1S
System

NCED TCP/UDP 404 nced nced Cisco IOS XE

Release 3.1S

NCLD TCP/UDP 405 ncld ncld Cisco IOS XE

Release 3.1S

NCP TCP/UDP 524 NCP ncp Cisco IOS XE

Release 3.1S

NDSAuth TCP/UDP 353 NDSAUTH ndsauth Cisco IOS XE

Release 3.1S

Nest- TCP/UDP 489 Nest-protocol nest-protocol Cisco IOS XE

Protocol Release 3.1S

Net8-CMAN TCP/UDP 1830 Oracle Net8 net8-cman Cisco IOS XE

CMan Admin Release 3.1S

Net- TCP/UDP 3283 net-assistant net-assistant Cisco IOS XE

Assistant Release 3.1S

Netblt TCP/UDP 30 Bulk Data netblt Cisco IOS XE

Transfer Release 3.1S
Protocol

NetGW TCP/UDP 741 netgw netgw Cisco IOS XE

Release 3.1S

NetNews TCP/UDP 532 readnews netnews Cisco IOS XE

Release 3.1S

NetRCS TCP/UDP 742 Network based netrcs Cisco IOS XE

RCS Release 3.1S

NetRJS-1 TCP/UDP 71 Remote Job netrjs-1 Cisco IOS XE

Service Release 3.1S

NetRJS-2 TCP/UDP 72 Remote Job netrjs-2 Cisco IOS XE

Service Release 3.1S

NetRJS-3 TCP/UDP 73 Remote Job netrjs-3 Cisco IOS XE

Service Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

46
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
NetRJS-4 TCP/UDP 74 Remote Job netrjs-4 Cisco IOS XE
Service Release 3.1S

NETSC-Dev TCP/UDP 155 NETSC netsc-dev Cisco IOS XE

Release 3.1S

NETSC-Prod TCP/UDP 154 NETSC netsc-prod Cisco IOS XE

Release 3.1S

NetViewDM TCP/UDP 729 IBM NetView M netviewdm1 Cisco IOS XE

1 Release 3.1S

NetviewDM TCP/UDP 730 IBM NetView netviewdm2 Cisco IOS XE

2 DM Release 3.1S

NetviewDM TCP/UDP 731 IBM NetView netviewdm3 Cisco IOS XE

3 DM Release 3.1S

Netwall TCP/UDP 533 for emergency netwall Cisco IOS XE

broadcasts Release 3.1S

Netware-IP TCP/UDP 396 Novell Netware netware-ip Cisco IOS XE

over IP Release 3.1S

New-RWHO TCP/UDP 550 new who new-rwho Cisco IOS XE

Release 3.1S

NextStep TCP/UDP 178 NextStep nextstep Cisco IOS XE

Window Server Release 3.1S

NFS TCP/UDP 2049 Network File nfs Cisco IOS XE

System Release 3.1S

NicName TCP/UDP 43 Who Is nicname Cisco IOS XE

Release 3.1S

NI-FTP TCP/UDP 47 NI FTP ni-ftp Cisco IOS XE

Release 3.1S

NI-Mail TCP/UDP 61 NI MAIL ni-mail Cisco IOS XE

Release 3.1S

Nlogin TCP/UDP 758 nlogin nlogin Cisco IOS XE

Release 3.1S

NMAP TCP/UDP 689 nmap nmap Cisco IOS XE

Release 3.1S

NMSP TCP/UDP 537 Networked nmsp Cisco IOS XE

Media Release 3.1S
Streaming
Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

47
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
NNSP TCP/UDP 433 nnsp nnsp Cisco IOS XE
Release 3.1S

Notes TCP/UDP 1352 Lotus Notes(R) notes Cisco IOS XE

Release 3.1S

NovaStorBa TCP/UDP 308 Novastor novastorbakcup Cisco IOS XE

kcup Backup Release 3.1S

NPMP-GUI TCP/UDP 611 npmp-gui npmp-gui Cisco IOS XE

Release 3.1S

NPMP-Local TCP/UDP 610 npmp-local npmp-local Cisco IOS XE

Release 3.1S

NPMP-Trap TCP/UDP 609 npmp-trap npmp-trap Cisco IOS XE

Release 3.1S

NPP TCP/UDP 92 Network npp Cisco IOS XE

Printing Protocol Release 3.1S

NQS TCP/UDP 607 nqs nqs Cisco IOS XE

Release 3.1S

NS TCP/UDP 760 ns ns Cisco IOS XE

Release 3.1S

NSFNET- TCP/UDP 85 NSFNET-IGP nsfnet-igp Cisco IOS XE

IGP Release 3.1S

NSIIOPS TCP/UDP 261 IIOP Name nsiiops Cisco IOS XE

Service over Release 3.1S
TLS/SSL

NSRMP TCP/UDP 359 Network nsrmp Cisco IOS XE

Security Risk Release 3.1S
Management
Protocol

NSS-Routing TCP/UDP 159 NSS-Routing nss-routing Cisco IOS XE

Release 3.1S

NSW-FE TCP/UDP 27 NSW User nsw-fe Cisco IOS XE

System FE Release 3.1S

Ntalk TCP/UDP 518 Ntalk ntalk Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

48
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
NTP TCP/UDP 123 Network Time ntp Cisco IOS XE
Protocol Release 2.3 Cisco
IOS XE Release
3.1S

Cisco IOS XE Release NVP-II TCP/UDP 11 Ne nvp-ii

3.1S tw
ork
Vo
ice
Pr
oto
col

NXEdit TCP/UDP 126 nxedit nxedit Cisco IOS XE

Release 3.1S

OBCBinder TCP/UDP 183 ocbinder ocbinder Cisco IOS XE

Release 3.1S

OBEX TCP/UDP 650 obex obex Cisco IOS XE

Release 3.1S

ObjCall TCP/UDP 94 Tivoli Object objcall Cisco IOS XE

Dispatcher Release 3.1S

OCS_AMU TCP/UDP 429 ocs_amu ocs_amu Cisco IOS XE

Release 3.1S

OCS_CMU TCP/UDP 428 ocs_cmu ocs_cmu Cisco IOS XE

Release 3.1S

OCServer TCP/UDP 184 ocserver ocserver Cisco IOS XE

Release 3.1S

ODMR TCP/UDP 366 odmr odmr Cisco IOS XE

Release 3.1S

OHIMSRV TCP/UDP 506 ohimsrv ohimsrv Cisco IOS XE

Release 3.1S

OLSR TCP/UDP 698 olsr olsr Cisco IOS XE

Release 3.1S

OMGInitialR TCP/UDP 900 omginitialrefs omginitialrefs Cisco IOS XE

efs Release 3.1S

OMServ TCP/UDP 764 omserv omserv Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

49
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
ONMUX TCP/UDP 417 onmux onmux Cisco IOS XE
Release 3.1S

Opalis-RDV TCP/UDP 536 Opalis-rdv opalis-rdv Cisco IOS XE

Release 3.1S

Opalis-Robot TCP/UDP 314 Opalis-robot opalis-robot Cisco IOS XE

Release 3.1S

OPC-Job- TCP/UDP 423 IBM Operations opc-job-start Cisco IOS XE

Start Planning and Release 3.1S
Control Start

OPC-Job- TCP/UDP 424 IBM Operations opc-job-track Cisco IOS XE

Track Planning and Release 3.1S
Control Track

Openport TCP/UDP 260 Openport openport Cisco IOS XE

Release 3.5S

OpenVMS- TCP/UDP 557 Openvms-sysipc openvms-sysipc Cisco IOS XE

Sysipc Release 3.1S

Open VPN - - Open VPN openvpn Cisco IOS XE

Protocol Release 3.5S

OracleName TCP/UDP 1575 Oraclenames oraclenames Cisco IOS XE

s Release 3.1S

OracleNet8C TCP/UDP 1630 Oracle Net8 oraclenet8cman Cisco IOS XE

MAN Cman Release 3.1S

ORA-Srv TCP/UDP 1525 Oracle TCP/IP ora-srv Cisco IOS XE

Listener Release 3.1S

Orbix- TCP/UDP 3076 Orbix 2000 orbix-config Cisco IOS XE

Config Config Release 3.1S

Orbix- TCP/UDP 3075 Orbix 2000 orbix-locator Cisco IOS XE

Locator Locator Release 3.1S

Orbix-Loc- TCP/UDP 3077 Orbix 2000 orbix-loc-ssl Cisco IOS XE

SSL Locator SSL Release 3.1S

OSPF TCP/UDP 89 Open Shortest ospf Cisco IOS XE

Path First Release 3.1S

OSU-NMS TCP/UDP 192 OSU Network osu-nms Cisco IOS XE

Monitoring Release 3.1S
System

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

50
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Parsec-Game TCP/UDP 6582 Parsec parsec-game Cisco IOS XE
Gameserver Release 3.1S

Passgo TCP/UDP 511 Passgo passgo Cisco IOS XE

Release 3.1S

Passgo- TCP/UDP 627 Passgo-tivoli passgo-tivoli Cisco IOS XE

Tivoli Release 3.1S

Password- TCP/UDP 586 Password password-chg Cisco IOS XE

Chg Change Release 3.1S

Pawserv TCP/UDP 345 Perf Analysis pawserv Cisco IOS XE

Workbench Release 3.1S

PCMail-SRV TCP/UDP 158 PCMail Server pcmail-srv Cisco IOS XE

Release 3.1S

PDAP TCP/UDP 344 Prospero Data pdap Cisco IOS XE

Access Protocol Release 3.1S

Personal-link TCP/UDP 281 Personal-link personal-link Cisco IOS XE

Release 3.1S

PFTP TCP/UDP 662 Parallel File pftp Cisco IOS XE

Transfer Release 3.1S
Protocol

PGM TCP/UDP 113 PGM Reliable pgm Cisco IOS XE

Transport Release 3.1S
Protocol

Philips-VC TCP/UDP 583 Philips Video- philips-vc Cisco IOS XE

Conferencing Release 3.1S

Phonebook TCP/UDP 767 Phone phonebook Cisco IOS XE

Release 3.1S

Photuris TCP/UDP 468 Photuris photuris Cisco IOS XE

Release 3.1S

PIM TCP/UDP 103 Protocol pim Cisco IOS XE

Independent Release 3.1S
Multicast

PIM-RP- TCP/UDP 496 PIM-RP-DISC pim-rp-disc Cisco IOS XE

DISC Release 3.1S

PIP TCP/UDP 1321 pip pip Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

51
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
PIPE TCP/UDP 131 Private IP pipe Cisco IOS XE
Encapsulation Release 3.1S
within IP

PIRP TCP/UDP 553 pirp pirp Cisco IOS XE

Release 3.1S

PKIX-3-CA- TCP/UDP 829 PKIX-3 CA/RA pkix-3-ca-ra Cisco IOS XE

RA Release 3.1S

PKIX- TCP/UDP 318 pkix-timestamp pkix-timestamp Cisco IOS XE

Timestamp Release 3.1S

PNNI TCP/UDP 102 PNNI over IP pnni Cisco IOS XE

Release 3.1S

Pop2 TCP/UDP 109 Post Office pop2 Cisco IOS XE

Protocol - Release 3.1S
Version 2

Pop3 TCP/UDP 110, Post Office pop3 Cisco IOS XE

Heuristic Protocol 3 Release 3.1S

POV-Ray TCP/UDP 494 pov-ray pov-ray Cisco IOS XE

Release 3.1S

Powerburst TCP/UDP 485 Air Soft Power powerburst Cisco IOS XE

Burst Release 3.1S

PPStream TCP/UDP Heuristic P2P TV ppstream Cisco IOS XE

Application Release 3.1S

PPTP TCP/UDP 1723 Point-to-Point pptp Cisco IOS XE

Tunneling Release 3.1S
Protocol

Cisco IOS XE Release Printer TCP/UDP 515 sp printer

3.1S ool
er

Print-SRV TCP/UDP 170 Network print-srv Cisco IOS XE

PostScript Release 3.1S

PRM TCP/UDP 21 Packet Radio prm Cisco IOS XE

Measurement Release 3.1S

PRM-NM TCP/UDP 409 Prospero prm-nm Cisco IOS XE

Resource Release 3.1S
Manager Node
Man

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

52
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
PRM-SM TCP/UDP 408 Prospero prm-sm Cisco IOS XE
Resource Release 3.1S
Manager Sys.
Man

Profile TCP/UDP 136 PROFILE profile Cisco IOS XE

Naming System Release 3.1S

Prospero TCP/UDP 191 Prosper prospero Cisco IOS XE

Directory Release 3.1S
Service

PTCNameSe TCP/UDP 597 PTC Name ptcnameservice Cisco IOS XE

rvice Service Release 3.1S

PTP TCP/UDP 123 Performance ptp Cisco IOS XE

Transparency Release 3.1S
Protocol

PTP-Event TCP/UDP 319 PTP Event ptp-event Cisco IOS XE

Release 3.1S

PTP-General TCP/UDP 320 PTP General ptp-general Cisco IOS XE

Release 3.1S

Pump TCP/UDP 751 Pump pump Cisco IOS XE

Release 3.1S

PUP TCP/UDP 12 PUP pup Cisco IOS XE

Release 3.1S

Purenoise TCP/UDP 663 purenoise purenoise Cisco IOS XE

Release 3.1S

PVP TCP/UDP 75 Packet Video pvp Cisco IOS XE

Protocol Release 3.1S

PWDGen TCP/UDP 129 Password pwdgen Cisco IOS XE

Generator Release 3.1S
Protocol

QBIKGDP TCP/UDP 368 qbikgdp qbikgdp Cisco IOS XE

Release 3.1S

QFT TCP/UDP 189 Queued File qft Cisco IOS XE

Transport Release 3.1S

QMQP TCP/UDP 628 qmqp qmqp Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

53
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
QMTP TCP/UDP 209 The Quick Mail qmtp Cisco IOS XE
Transfer Release 3.1S
Protocol

QNX TCP/UDP 106 QNX qnx Cisco IOS XE

Release 3.1S

QoTD TCP/UDP 17 Quote of the qotd Cisco IOS XE

Day Release 3.1S

QRH TCP/UDP 752 qrh qrh Cisco IOS XE

Release 3.1S

QUOTD TCP/UDP 762 quotad quotad Cisco IOS XE

Release 3.1S

RAP TCP/UDP 38 Route Access rap Cisco IOS XE

Protocol Release 3.1S

RCMD TCP 512-514 BSD r- rcmd Cisco IOS XE

commands Release 3.3S

RCP TCP/UDP 469 Radio Control rcp Cisco IOS XE

Protocol Release 2.3 Cisco
IOS XE Release
3.1S

RDA TCP/UDP 630 rda rda Cisco IOS XE

Release 3.1S

RDB-DBS- TCP/UDP 1571 Oracle Remote rdb-dbs-disp Cisco IOS XE

DISP Data Base Release 3.1S

RDP TCP/UDP 27 Reliable Data rdp Cisco IOS XE

Protocol Release 3.1S

Realm- TCP/UDP 688 ApplianceWare realm-rusd Cisco IOS XE

RUSD managment Release 3.1S
protocol

RE-Mail-CK TCP/UDP 50 Remote Mail re-mail-ck Cisco IOS XE

Checking Release 3.1S
Protocol

RemoteFS TCP/UDP 556 rfs server remotefs Cisco IOS XE

Release 3.1S

Remote-KIS TCP/UDP 185 Remote-kis remote-kis Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

54
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
REPCMD TCP/UDP 641 repcmd repcmd Cisco IOS XE
Release 3.1S

REPSCMD TCP/UDP 653 repscmd repscmd Cisco IOS XE

Release 3.1S

RESCAP TCP/UDP 283 rescap rescap Cisco IOS XE

Release 3.1S

RIP TCP/UDP 520 Routing rip Cisco IOS XE

Information Release 3.1S
Protocol

RIPING TCP/UDP 521 ripng ripng Cisco IOS XE

Release 3.1S

RIS TCP/UDP 180 Intergraph ris Cisco IOS XE

Release 3.1S

RIS-CM TCP/UDP 748 Russell Info Sci ris-cm Cisco IOS XE

Calendar Release 3.1S
Manager

RJE TCP/UDP 5 Remote Job rje Cisco IOS XE

Entry Release 3.1S

RLP TCP/UDP 39 Resource rlp Cisco IOS XE

Location Release 3.1S
Protocol

RLZDBASE TCP/UDP 635 rlzdbase rlzdbase Cisco IOS XE

Release 3.1S

RMC TCP/UDP 657 rmc rmc Cisco IOS XE

Release 3.1S

RMIActivati TCP/UDP 1098 rmiactivation rmiactivation Cisco IOS XE

on Release 3.1S

RMIRegistry TCP/UDP 1099 rmiregistry rmiregistry Cisco IOS XE

Release 3.1S

RMonitor TCP/UDP 560 Rmonitord rmonitor Cisco IOS XE

Release 3.1S

RMT TCP/UDP 411 Remote MT rmt Cisco IOS XE

Protocol Release 3.1S

RPC2Portma TCP/UDP 369 rpc2portmap rpc2portmap Cisco IOS XE

p Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

55
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
RRH TCP/UDP 753 rrh rrh Cisco IOS XE
Release 3.1S

RRP TCP/UDP 648 Registry rrp Cisco IOS XE

Registrar Release 3.1S
Protocol

RSH-SPX TCP/UDP 222 Berkeley rshd rsh-spx Cisco IOS XE

with SPX auth Release 3.1S

RSVD TCP/UDP 168 rsvd rsvd Cisco IOS XE

Release 3.1S

RSVP_Tunn TCP/UDP 363 rsvp_tunnel rsvp_tunnel Cisco IOS XE

el Release 3.1S

RSVP-E2E- TCP/UDP 134 RSVP-E2E- rsvp-e2e-ignore Cisco IOS XE

Ignore IGNORE Release 3.1S

Rsync TCP/UDP 873 Rsync rsync Cisco IOS XE

Release 3.1S

RTelnet TCP/UDP 107 Remote Telnet rtelnet Cisco IOS XE

Service Release 2.3 Cisco
IOS XE Release
3.1S

RTIP TCP/UDP 771 rtip rtip Cisco IOS XE

Release 3.1S

RTMP TCP Heuristic Real Time rtmp Cisco IOS XE

Messaging Release 3.4S
Protocol

RTSPS TCP/UDP 322 RTSPS rtsps Cisco IOS XE

Release 3.1S

Rushd TCP/UDP 696 Rushd rushd Cisco IOS XE

Release 3.1S

RVD TCP/UDP 66 MIT Remote rvd Cisco IOS XE

Virtual Disk Release 3.1S
Protocol

RXE TCP/UDP 761 rxe rxe Cisco IOS XE

Release 3.1S

SAFT TCP/UDP 487 saft Simple saft Cisco IOS XE

Asynchronous Release 3.1S
File Transfer

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

56
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Sanity TCP/UDP 643 Sanity sanity Cisco IOS XE
Release 3.1S

SAT- TCP/UDP 64 SATNET and sat-expak Cisco IOS XE

EXPAK Backroom Release 3.1S
EXPAK

SAT-Mon TCP/UDP 69 SATNET sat-mon Cisco IOS XE

Monitoring Release 3.1S

SCC- TCP/UDP 582 scc-security scc-security Cisco IOS XE

Security Release 3.1S

SCC-SP TCP/UDP 96 Semaphore scc-sp Cisco IOS XE

Communications Release 3.1S
Sec. Pro.

SCO-DTMgr TCP/UDP 617 SCO Desktop sco-dtmgr Cisco IOS XE

Administration Release 3.1S
Server

SCOHELP TCP/UDP 457 scohelp scohelp Cisco IOS XE

Release 3.1S

SCOI2ODial TCP/UDP 360 scoi2odialog scoi2odialog Cisco IOS XE

og Release 3.1S

SCO- TCP/UDP 615 Internet sco-inetmgr Cisco IOS XE

Inetmgr Configuration Release 3.1S
Manager

SCO- TCP/UDP 616 SCO System sco-sysmgr Cisco IOS XE

SysMgr Administration Release 3.1S
Server

SCO- TCP/UDP 598 SCO Web sco-websrvrmg3 Cisco IOS XE

WebsrvrMg3 Server Manager Release 3.1S
3

SCO- TCP/UDP 620 SCO WebServer sco-websrvrmgr Cisco IOS XE

WebsrvrMgr Manager Release 3.1S

SCPS TCP/UDP 105 SCPS scps Cisco IOS XE

Release 3.1S
SCTP TCP/UDP 132 Stream Control sctp Cisco IOS XE
Transmission Release 3.1S
Protocol

SCX-Proxy TCP/UDP 470 scx-proxy scx-proxy Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

57
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
SDNSKMP TCP/UDP 558 SDNSKMP sdnskmp Cisco IOS XE
Release 3.1S

SDRP TCP/UDP 42 Source Demand sdrp Cisco IOS XE

Routing Protocol Release 3.1S

Secure-ftp TCP/UDP 990 ftp protocol, secure-ftp Cisco IOS XE

control, over Release 3.1S
TLS/SSL

Secure-IRC TCP/UDP 994 irc protocol over secure-irc Cisco IOS XE

TLS Release 3.1S

Secure- TCP/UDP 636 ldap protocol secure-ldap Cisco IOS XE

LDAP over TLS Release 3.1S

Secure- TCP/UDP 563 nntp protocol secure-nntp Cisco IOS XE

NNTP over TLS Release 3.1S

Secure-Pop3 TCP/UDP 995 pop3 protocol secure-pop3 Cisco IOS XE

over TLS Release 3.1S

Secure- TCP/UDP 992 telnet protocol secure-telnet Cisco IOS XE

Telnet over TLS Release 3.1S

Secure- TCP/UDP 82 SECURE- secure-vmtp Cisco IOS XE

VMTP VMTP Release 3.1S

Semantix TCP/UDP 361 Semantix semantix Cisco IOS XE

Release 3.1S

Send TCP/UDP 169 SEND send Cisco IOS XE

Release 3.1S

Server-IPX TCP/UDP 213 Internetwork server-ipx Cisco IOS XE

Packet Exchange Release 3.1S
Protocol

Servstat TCP/UDP 633 Service Status servstat Cisco IOS XE

update Release 3.1S

SET TCP/UDP 257 Secure set Cisco IOS XE

Electronic Release 3.1S
Transaction

SFS-Config TCP/UDP 452 Cray SFS config sfs-config Cisco IOS XE

server Release 3.1S

SFS-SMP- TCP/UDP 451 Cray Network sfs-smp-net Cisco IOS XE

Net Semaphore Release 3.1S
server

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

58
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
SFTP TCP/UDP 115 Simple File sftp Cisco IOS XE
Transfer Release 3.1S
Protocol

SGCP TCP/UDP 440 sgcp sgcp Cisco IOS XE

Release 3.1S

SGMP TCP/UDP 153 sgmp sgmp Cisco IOS XE

Release 3.1S

SGMP-Traps TCP/UDP 160 sgmp-traps sgmp-traps Cisco IOS XE

Release 3.1S

Shockwave TCP/UDP 1626 Shockwave shockwave Cisco IOS XE

Release 3.1S

Shrinkwrap TCP/UDP 358 Shrinkwrap shrinkwrap Cisco IOS XE

Release 3.1S

SIAM TCP/UDP 498 siam siam Cisco IOS XE

Release 3.1S

SIFT-UFT TCP/UDP 608 Sender-Initiated/ sift-uft Cisco IOS XE

Unsolicited File Release 3.1S
Transfer

SILC TCP/UDP 706 silc silc Cisco IOS XE

Release 3.1S

SitaraDir TCP/UDP 2631 Sitaradir sitaradir Cisco IOS XE

Release 3.1S

SitaraMgmt TCP/UDP 2630 Sitaramgmt sitaramgmt Cisco IOS XE

Release 3.1S

Sitaraserver TCP/UDP 2629 sitaraserver sitaraserver Cisco IOS XE

Release 3.1S

SKIP TCP/UDP 57 SKIP skip Cisco IOS XE

Release 3.1S

SKRONK TCP/UDP 460 skronk skronk Cisco IOS XE

Release 3.1S

SM TCP/UDP 122 SM sm Cisco IOS XE

Release 3.1S

Smakynet TCP/UDP 122 Smakynet smakynet Cisco IOS XE

Release 3.1S

SmartSDP TCP/UDP 426 Smartsdp smartsdp Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

59
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
SMP TCP/UDP 121 Simple Message smp Cisco IOS XE
Protocol Release 3.1S

SMPNameR TCP/UDP 901 smpnameres smpnameres Cisco IOS XE

es Release 3.1S

SMSD TCP/UDP 596 smsd smsd Cisco IOS XE

Release 3.1S

SMSP TCP/UDP 413 Storage smsp Cisco IOS XE

Management Release 3.1S
Services
Protocol

SMUX TCP/UDP 199 SMUX smux Cisco IOS XE

Release 3.1S

SNAGas TCP/UDP 108 SNA Gateway snagas Cisco IOS XE

Access Server Release 3.1S

Snare TCP/UDP 509 Snare snare Cisco IOS XE

Release 3.1S

S-Net TCP/UDP 166 Sirius Systems s-net Cisco IOS XE

Release 3.1S

SNP TCP/UDP 109 Sitara Networks snp Cisco IOS XE

Protocol Release 3.1S

SNPP TCP/UDP 444 Simple Network snpp Cisco IOS XE

Paging Protocol Release 3.1S

SNTP- TCP/UDP 580 SNTP sntp-heartbeat Cisco IOS XE

Heartbeat HEARTBEAT Release 3.1S

SoftPC TCP/UDP 215 Insignia softpc Cisco IOS XE

Solutions Release 3.1S

Sonar TCP/UDP 572 Sonar sonar Cisco IOS XE

Release 3.1S

SPMP TCP/UDP 656 spmp spmp Cisco IOS XE

Release 3.1S

Sprite-RPC TCP/UDP 90 Sprite RPC sprite-rpc Cisco IOS XE

Protocol Release 3.1S

SPS TCP/UDP 130 Secure Packet sps Cisco IOS XE

Shield Release 3.1S

SPSC TCP/UDP 478 spsc spsc Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

60
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
SQL*Net TCP/UDP 66 Oracle sql*net Cisco IOS XE
SQL*NET Release 3.1S

SQLExec TCP/UDP 9088 SQL Informix sqlexec Cisco IOS XE

Release 3.1S

SQL-Net TCP/UDP 150 SQL-NET sql-net Cisco IOS XE

Release 3.1S

Cisco IOS XE Release SQLServ TCP/UDP 118 SQ sqlserv

3.1S L
Ser
vic
es

SQLServer TCP/UDP 1433 Microsoft-SQL- sqlserver Cisco IOS XE

Server Release 3.1S

SRC TCP/UDP 200 IBM System src Cisco IOS XE

Resource Release 3.1S
Controller

SRMP TCP/UDP 193 Spider Remote srmp Cisco IOS XE

Monitoring Release 3.1S
Protocol

SRP TCP/UDP 119 SpectraLink srp Cisco IOS XE

Radio Protocol Release 3.1S

SRSSend TCP/UDP 362 srssend srssend Cisco IOS XE

Release 3.1S

SS7NS TCP/UDP 477 ss7ns ss7ns Cisco IOS XE

Release 3.1S

SSCOPMCE TCP/UDP 128 SSCOPMCE sscopmce Cisco IOS XE

Release 3.1S

SSH TCP/UDP 22 Secure Shell ssh Cisco IOS XE

Protocol Release 3.1S

Sshell TCP/UDP 614 SSLshell sshell Cisco IOS XE

Release 3.1S

SSL - - Secure Socket ssl Cisco IOS XE

Layer Protocol Release 3.5S

SST TCP/UDP 266 SCSI on ST sst Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

61
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
ST TCP/UDP 5 Stream st Cisco IOS XE
Release 3.1S

StatSRV TCP/UDP 133 Statistics Service statsrv Cisco IOS XE

Release 3.1S

STMF TCP/UDP 501 stmf stmf Cisco IOS XE

Release 3.1S

STP TCP/UDP 118 Schedule stp Cisco IOS XE

Transfer Release 3.1S
Protocol

StreetTalk TCP/UDP 566 Streettalk streettalk Cisco IOS XE

Release 3.1S

Stun-NAT TCP/UDP 3478 STUN stun-nat Cisco IOS XE

Release 3.1S

STX TCP/UDP 527 Stock IXChange stx Cisco IOS XE

Release 3.1S

Submission TCP/UDP 587 Submission submission Cisco IOS XE

Release 3.1S

Subntbcst_T TCP/UDP 247 subntbcst_tftp subntbcst_tftp Cisco IOS XE

FTP Release 3.1S

SU-MIT- TCP/UDP 89 SU/MIT Telnet su-mit-tg Cisco IOS XE

TG Gateway Release 3.1S

Sun-DR TCP/UDP 665 sun-dr sun-dr Cisco IOS XE

Release 3.1S

Sun-ND TCP/UDP 77 SUN ND sun-nd Cisco IOS XE

PROTOCOL- Release 3.1S
Temporary

SupDup TCP/UDP 95 SUPDUP supdup Cisco IOS XE

Release 3.1S

Surf TCP/UDP 1010 Surf surf Cisco IOS XE

Release 3.1S

Sur-Meas TCP/UDP 243 Survey sur-meas Cisco IOS XE

Measurement Release 3.1S

Svrloc TCP/UDP 427 Server Location svrloc Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

62
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Swift-RVF TCP/UDP 97 Swift Remote swift-rvf Cisco IOS XE
Virtural File Release 3.1S
Protocol

Swipe TCP/UDP 53 IP with swipe Cisco IOS XE

Encryption Release 3.1S

Synoptics- TCP/UDP 412 Trap Convention synoptics-trap Cisco IOS XE

Trap Port Release 3.1S

Synotics- TCP/UDP 392 SynOptics Port synotics-broker Cisco IOS XE

Broker Broker Port Release 3.1S

Synotics- TCP/UDP 391 SynOptics synotics-relay Cisco IOS XE

Relay SNMP Relay Release 3.1S
Port

Systat TCP/UDP 11 Active Users systat Cisco IOS XE

Release 2.3 Cisco
IOS XE Release
3.1S

TACACS TCP/UDP 49, 65 Terminal Access tacacs Cisco IOS XE

Controller Release 2.3 Cisco
Access Control IOS XE Release
System 3.1S

TAC News TCP/UDP 98 TAC News tacnews Cisco IOS XE

Release 3.1S

Talk TCP/UDP 517 Talk talk Cisco IOS XE

Release 3.1S

TCF TCP/UDP 87 TCF tcf Cisco IOS XE

Release 3.1S

Cisco IOS XE Release TD- TCP/UDP 268 To td-replica

3.1S Replica bit
Da
vid
Re
pli
ca

TD-Service TCP/UDP 267 Tobit David td-service Cisco IOS XE

Service Layer Release 3.1S

Teedtap TCP/UDP 559 Teedtap teedtap Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

63
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Tell TCP/UDP 754 Send tell Cisco IOS XE
Release 3.1S

Telnet TCP/UDP 23 Telnet telnet Cisco IOS XE

Release 3.1S

Tempo TCP/UDP 526 newdate tempo Cisco IOS XE

Release 3.1S

Tenfold TCP/UDP 658 Tenfold tenfold Cisco IOS XE

Release 3.1S

Texar TCP/UDP 333 Texar Security texar Cisco IOS XE

Port Release 3.1S

TICF-1 TCP/UDP 492 Transport ticf-1 Cisco IOS XE

Independent Release 3.1S
Convergence for
FNA

TICF-2 TCP/UDP 493 Transport ticf-2 Cisco IOS XE

Independent Release 3.1S
Convergence for
FNA

Timbuktu TCP/UDP 407 Timbuktu timbuktu Cisco IOS XE

Release 3.1S

Time TCP/UDP 37 Time time Cisco IOS XE

Release 2.3 Cisco
IOS XE Release
3.1S

Timed TCP/UDP 525 Timeserver timed Cisco IOS XE

Release 3.1S

TINC TCP/UDP 655 tinc tinc Cisco IOS XE

Release 3.1S

TLISRV TCP/UDP 1527 Oracle tlisrv Cisco IOS XE

Release 3.1S

TLSP TCP/UDP 56 Transport Layer tlsp Cisco IOS XE

Security Release 3.1S
Protocol

TNETOS TCP/UDP 377 NEC tnETOS Cisco IOS XE

Corporation Release 3.1S

TNS-CML TCP/UDP 590 tns-cml tns-cml Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

64
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
TN-TL-FD1 TCP/UDP 476 tn-tl-fd1 tn-tl-fd1 Cisco IOS XE
Release 3.1S

TOR - - TOR Anonymity tor Cisco IOS XE

Online Release 3.5S

TP++ TCP/UDP 39 TP++ Transport tp++ Cisco IOS XE

Protocol Release 3.1S

TPIP TCP/UDP 594 tpip tpip Cisco IOS XE

Release 3.1S

Trunk-1 TCP/UDP 23 Trunk-1 trunk-1 Cisco IOS XE

Release 3.1S

Trunk-2 TCP/UDP 24 Trunk-2 trunk-2 Cisco IOS XE

Release 3.1S

TServer TCP/UDP 450 Computer tserver Cisco IOS XE

Supported Release 3.1S
Telecomunicatio
n Applications

TTP TCP/UDP 84 TTP ttp Cisco IOS XE

Release 3.1S

UAAC TCP/UDP 145 UAAC Protocol uaac Cisco IOS XE

Release 3.1S

UARPs TCP/UDP 219 Unisys ARPs uarps Cisco IOS XE

Release 3.1S

UDPLite TCP/UDP 136 UDPLite udplite Cisco IOS XE

Release 3.1S

UIS TCP/UDP 390 uis uis Cisco IOS XE

Release 3.1S

uLISTProc TCP/UDP 372 List Processor ulistproc Cisco IOS XE

Release 3.1S

ULP TCP/UDP 522 ulp ulp Cisco IOS XE

Release 3.1S

ULPNet TCP/UDP 483 ulpnet ulpnet Cisco IOS XE

Release 3.1S

Unidata- TCP/UDP 388 Unidata LDM unidata-ldm Cisco IOS XE

LDM Release 3.1S

Unify TCP/UDP 181 Unify unify Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

65
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
UPS TCP/UDP 401 Uninterruptible ups Cisco IOS XE
Power Supply Release 3.1S

URM TCP/UDP 606 Cray Unified urm Cisco IOS XE

Resource Release 3.1S
Manager

UTI TCP/UDP 120 UTI uti Cisco IOS XE

Release 3.1S

Utime TCP/UDP 519 Unixtime utime Cisco IOS XE

Release 3.1S

UTMPCD TCP/UDP 431 utmpcd utmpcd Cisco IOS XE

Release 3.1S

UTMPSD TCP/UDP 430 utmpsd utmpsd Cisco IOS XE

Release 3.1S

UUCP TCP/UDP 540 uucpd uucp Cisco IOS XE

Release 3.1S

UUCP-Path TCP/UDP 117 UUCP Path uucp-path Cisco IOS XE

Service Release 3.1S

UUCP- TCP/UDP 541 uucp-rlogin uucp-rlogin Cisco IOS XE

rLogin Release 3.1S

UUIDGEN TCP/UDP 697 UUIDGEN uuidgen Cisco IOS XE

Release 3.1S

VACDSM- TCP/UDP 671 VACDSM-APP vacdsm-app Cisco IOS XE

App Release 3.1S

VACDSM- TCP/UDP 670 VACDSM-SWS vacdsm-sws Cisco IOS XE

SWS Release 3.1S

VATP TCP/UDP 690 Velazquez vatp Cisco IOS XE

Application Release 3.1S
Transfer
Protocol

VEMMI TCP/UDP 575 vemmi vemmi Cisco IOS XE

Release 3.1S

VID TCP/UDP 769 vid vid Cisco IOS XE

Release 3.1S

Videotex TCP/UDP 516 videotex videotex Cisco IOS XE

Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

66
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
VISA TCP/UDP 70 VISA Protocol visa Cisco IOS XE
Release 3.1S

VNC TCP/UDP 5800, Virtual Network vnc Cisco IOS XE

5900, Computing Release 2.3S
5901

VMNet TCP/UDP 175 vmnet vmnet Cisco IOS XE

Release 3.1S

VMPWSCS TCP/UDP 214 vmpwscs vmpwscs Cisco IOS XE

Release 3.1S

VMTP TCP/UDP 81 VMTP vmtp Cisco IOS XE

Release 3.1S

VNAS TCP/UDP 577 vnas vnas Cisco IOS XE

Release 3.1S

VPP TCP/UDP 677 Virtual Presence vpp Cisco IOS XE

Protocol Release 3.1S

VPPS-QUA TCP/UDP 672 vpps-qua vpps-qua Cisco IOS XE

Release 3.1S

VPPS-VIA TCP/UDP 676 vpps-via vpps-via Cisco IOS XE

Release 3.1S

VRRP TCP/UDP 112 Virtual Router vrrp Cisco IOS XE

Redundancy Release 3.1S
Protocol

VSINet TCP/UDP 996 vsinet vsinet Cisco IOS XE

Release 3.1S

VSLMP TCP/UDP 312 vslmp vslmp Cisco IOS XE

Release 3.1S

WAP-Push TCP/UDP 2948 WAP PUSH wap-push Cisco IOS XE

Release 3.1S

WAP-Push- TCP/UDP 4035 WAP Push wap-push-http Cisco IOS XE

HTTP OTA-HTTP port Release 3.1S

WAP-Push- TCP/UDP 4036 WAP Push wap-push-https Cisco IOS XE

HTTPS OTA-HTTP Release 3.1S
secure

WAP- TCP/UDP 2949 WAP PUSH wap-pushsecure Cisco IOS XE

Pushsecure SECURE Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

67
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
WAP- TCP/UDP 9207 WAP vCal wap-vcal-s Cisco IOS XE
VACL-S Secure Release 3.1S

WAP-VCAL TCP/UDP 9205 WAP vCal wap-vcal Cisco IOS XE

Release 3.1S

WAP- TCP/UDP 9204 WAP vCard wap-vcard Cisco IOS XE

VCARD Release 3.1S

WAP- TCP/UDP 9206 WAP vCard wap-vcard-s Cisco IOS XE

VCARD-S Secure Release 3.1S

WAP-WSP TCP/UDP 9200 WAP wap-wsp Cisco IOS XE

connectionless Release 3.1S
session service

WAP-WSP- TCP/UDP 9202 WAP secure wap-wsp-s Cisco IOS XE

S connectionless Release 3.1S
session service

WAP-WSP- TCP/UDP 9201 WAP session wap-wsp-wtp Cisco IOS XE

WTP service Release 3.1S

WAP-WSP- TCP/UDP 9203 WAP secure wap-wsp-wtp-s Cisco IOS XE

WTP-S session service Release 3.1S

WB-Expak TCP/UDP 79 WIDEBAND wb-expak Cisco IOS XE

EXPAK Release 3.1S

WB-Mon TCP/UDP 78 WIDEBAND wb-mon Cisco IOS XE

Monitoring Release 3.1S

Webster TCP/UDP 765 Webster webster Cisco IOS XE

Release 3.1S

Webex TCP Heuristic Webex Meeting webex-meeting Cisco IOS XE

Meeting Release 3.4S

WhoAmI TCP/UDP 565 whoami whoami Cisco IOS XE

Release 3.1S

Whois++ TCP/UDP 63 whois++ Service whois++ Cisco IOS XE

Release 2.3 Cisco
IOS XE Release
3.1S

Winny - - winny2 and winny Cisco IOS XE

winnyP traffic Release 3.5S

Windows TCP 80, 443, Windows windows-update Cisco IOS XE

Update Heuristic Update Release 3.4S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

68
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
WorldFusion TCP/UDP 2595 World Fusion worldfusion Cisco IOS XE
Release 3.1S

WPGS TCP/UDP 780 wpgs wpgs Cisco IOS XE

Release 3.1S

WSN TCP/UDP 74 Wang Span wsn Cisco IOS XE

Network Release 3.1S

XAct- TCP/UDP 911 Xact-backup xact-backup Cisco IOS XE

Backup Release 3.1S

X-Bone-CTL TCP/UDP 265 Xbone CTL x-bone-ctl Cisco IOS XE

Release 3.1S

XDMCP TCP/UDP 177 X Display xdmcp Cisco IOS XE

Manager Control Release 2.3 Cisco
Protocol IOS XE Release
3.1S

XDTP TCP/UDP 3088 eXtensible Data xdtp Cisco IOS XE

Transfer Release 3.1S
Protocol

XFER TCP/UDP 82 XFER Utility xfer Cisco IOS XE

Release 3.1S

XMPP - - XMPP Client xmpp-client Cisco IOS XE

Client Connection Release 3.5S

XNET TCP/UDP 15 Cross Net xnet Cisco IOS XE

Debugger Release 3.1S

XNS-Auth TCP/UDP 56 XNS xns-auth Cisco IOS XE

Authentication Release 3.1S

XNS-CH TCP/UDP 54 XNS xns-ch Cisco IOS XE

Clearinghouse Release 3.1S

XNS-Courier TCP/UDP 165 Xerox xns-courier Cisco IOS XE

Release 3.1S

XEROX NS XNS-IDP 22 XEROX NS IDP xns-idp Cisco IOS XE

IDP Release 3.1S

XNS-Mail TCP/UDP 58 XNS mail xns-mail Cisco IOS XE

Release 3.1S

XNS-Time TCP/UDP 52 XNS Time xns-time Cisco IOS XE

Protocol Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

69
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
XTP TCP/UDP 36 XTP xtp Cisco IOS XE
Release 3.1S

XVTTP TCP/UDP 508 xvttp xvttp Cisco IOS XE

Release 3.1S

XYPlex- TCP/UDP 173 Xyplex xyplex-mux Cisco IOS XE

Mux Release 3.1S

X Windows TCP 6000-600 X Window xwindows Cisco IOS XE

3 System Release 2.3 Cisco
IOS XE Release
3.1S

z39.50 TCP/UDP 210 ANSI Z39.50 z39.50 Cisco IOS XE

Release 3.1S

Zannet TCP/UDP 317 Zannet zannet Cisco IOS XE

Release 3.1S

ZServ TCP/UDP 346 Zebra zserv Cisco IOS XE

server Release 3.1S

AN IP 107 Active an Cisco IOS XE

Networks Release 3.1S

AOL- Cisco IOS XE Release

Protocol5 3.3S TCP 5190 A aol-protocol
me
ric
a
On
Li
ne
Pr
oto
col

ARGUS IP 13 ARGUS argus Cisco IOS XE

Release 3.1S
ARIS IP 104 ARIS aris Cisco IOS XE
Release 3.1S
AX25 IP 93 AX.25 Frames ax25 Cisco IOS XE
Release 3.1S
BBNR IP 10 BBN RCC bbnrccmon Cisco IOS XE
RCC Mon Monitoring Release 3.1S

5 AOL-Protocol classifies traffic shared between ICQ and AOL clients.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

70
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
BLIZWOW TCp, UDP 3724 World of blizwow Cisco IOS XE
Warcraft Release 3.1S
Gaming Protocol

BNA IP 49 BNA bna Cisco IOS XE

Release 3.1S
BR-SAT- IP 76 Backroom br-sat-mon Cisco IOS XE
Mon SATNET Release 3.1S
Monitoring

CBT IP 7 CBT cbt Cisco IOS XE

Release 3.1S
CFTP IP 62 CFTP cftp Cisco IOS XE
Release 3.1S

Choas IP 16 Chaos chaos Cisco IOS XE

Release 3.1S

Compaq- IP 110 Compaq compaq-peer Cisco IOS XE

Peer Peer Release 3.1S
Protocol

CPHB IP 73 Computer cphb Cisco IOS XE

Protocol Release 3.1S
Heart Beat

CPNX IP 72 Computer cpnx Cisco IOS XE

Protocol Release 3.1S
Network
Executive

CRTP IP 126 Combat crtp Cisco IOS XE

Radio Release 3.1S
Transport
Protocol

CRUDP IP 127 Combat crudp Cisco IOS XE

Radio Release 3.1S
User
Datagram

DCCP IP 33 Datagram dccp Cisco IOS XE

Congestio Release 3.1S
n Control
Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

71
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
DCN-Meas IP 19 DCN dcn-meas Cisco IOS XE
Measurem Release 3.1S
ent
Subsyste
ms

DDP IP 37 Datagram ddp Cisco IOS XE

Delivery Release 3.1S
Protocol

DDX IP 116 D-II Data ddx Cisco IOS XE

Exchange Release 3.1S

DGP IP 86 Dissimilar dgp Cisco IOS XE

Gateway Release 3.1S
Protocol

DSR IP 48 Dynamic dsr Cisco IOS XE

Source Release 3.1S
Routing
Protocol

EGP IP 8 Exterior egp Cisco IOS XE

Gateway Release 3.1S
Protocol

EIGRP IP 88 Enhanced eigrp Cisco IOS XE

Interior Release 3.1S
Gateway
Routing
Protocol

EMCON IP 14 EMCON emcon Cisco IOS XE

Release 3.1S

Encap IP 98 Encapsula encap 15.1(3)T

tion
Header

EtherIP IP 97 Ethernet- etherip Cisco IOS XE

within-IP Release 3.1S
Encapsula
tion

FC IP 133 Fibre Channel fc Cisco IOS XE

Release 3.1S
FIRE IP 125 FIRE fire Cisco IOS XE
Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

72
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
GGP IP 3 Gateway- ggp Cisco IOS XE
to- Release 3.1S
Gateway

GMTP IP 100 GMTP gmtp Cisco IOS XE

Release 3.1S

GRE IP 47 General gre Cisco IOS XE

Routing Release 3.1S
Encapsula
tion

HIP IP 139 Host hip Cisco IOS XE

Identity Release 3.1S
Protocol

HMP IP 20 Host hmp Cisco IOS XE

Monitorin Release 3.1S
g

HopOpt IP 0 IPv6 Hop- hopopt Cisco IOS XE

by-Hop Release 3.1S
Option

ICQ TCP 80, I seek you icq Cisco IOS XE

Heuristic Instant Release 3.3S
Messagin
g Protocol

IATP IP 117 Interactive iatp Cisco IOS XE

Agent Release 3.1S
Transfer
Protocol

ICMP IP 1 Internet icmp Cisco IOS XE

Control Release 3.1S
Message

IDPR IP 35 Inter- idpr Cisco IOS XE

Domain Release 3.1S
Policy
Routing
Protocol

IDPR- IP 38 IDPR idpr-cmtp Cisco IOS XE

CMTP Control Release 3.1S
Message
Transport
Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

73
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
IDRP IP 45 Inter- idrp Cisco IOS XE
Domain Release 3.1S
Routing
Protocol

IFMP IP 101 Ipsilon ifmp Cisco IOS XE

Flow Release 3.1S
Managem
ent
Protocol

IGRP IP 9 Cisco igrp Cisco IOS XE

interior Release 3.1S
gateway

IL IP 40 IL il Cisco IOS XE
Transport Release 3.1S
Protocol

I-NLSP IP 52 Integrated i-nlsp Cisco IOS XE

Net Layer Release 3.1S
Security
TUBA

IMPCOMP IP 108 IP ipcomp Cisco IOS XE

Payload Release 3.1S
Compressi
on
Protocol

IPCU IP 71 Internet Packet ipcu Cisco IOS XE

Core Utility Release 3.1S

IPinIP IP 4 IP in IP ipinip Cisco IOS XE

Release 3.1S

IPIP IP 94 IP-within- ipip Cisco IOS XE

IP Release 3.1S
Encapsula
tion
Protocol

IPLT IP 129 IPLT iplt Cisco IOS XE

Release 3.1S

IPPC IP 67 Internet ippc Cisco IOS XE

Pluribus Release 3.1S
Packet
Core

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

74
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
IPv6-Frag IP 44 Fragment ipv6-frag Cisco IOS XE
Header for Release 3.1S
IPv6

IPv6-ICMP IP 58 ICMP for ipv6-icmp Cisco IOS XE

IPv6 Release 3.1S

IPv6INIP IP 41 Ipv6 ipv6inip Cisco IOS XE

encapsulat Release 3.1S
ed

IPv6- IP 59 No Next ipv6-nonxt Cisco IOS XE

NONXT Header for Release 3.1S
IPv6

IPv6-Opts IP 60 Destinatio ipv6-opts Cisco IOS XE

n Options Release 3.1S
for IPv6

IPv6-Route IP 43 Routing ipv6-route Cisco IOS XE

Header for Release 3.1S
IPv6

IRTP IP 28 Internet irtp Cisco IOS XE

Reliable Release 3.1S
Transactio
n

ISIS IP 124 ISIS over isis Cisco IOS XE

IPv4 Release 3.1S

ISO-TP4 IP 29 ISO iso-tp4 Cisco IOS XE

Transport Release 3.1S
Protocol
Class 4

IXP-in-IP IP 111 IPX in IP ixp-in-ip Cisco IOS XE

Release 3.1S

LARP IP 91 Locus larp Cisco IOS XE

Address Release 3.1S
Resolutio
n Protocol

Leaf-1 IP 25 Leaf-1 leaf-1 Cisco IOS XE

Release 3.1S

6to4 IPv6 L3 Protocol -- 6to4 IPv6 6to4 IPv6 Cisco IOS XE

Tunneled Tunneled Tunneled Release 3.2S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

75
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
AYIYA IPv6 UDP 5072 IPv6 Tunneled AYIYA IPv6 Cisco IOS XE
Tunneled based on Tunneled Release 3.2S
AYIYA traffic

BabelGum TCP, UDP 80 + BabelGum BabelGum Cisco IOS XE

Heuristic Release 3.2S

Baidu TCP, UDP 80 + Baidu Baidu Movie Cisco IOS XE

Movie Heuristic Movie Release 3.2S

DHCP UDP 67,68 Dynamic dhcp Cisco IOS XE

Host Release 3.2S
Configura
tion
Protocol

DHT UDP Heuristic Distribute DHT Cisco IOS XE

d sloppy Release 3.2S
Hash
Table
Protocol

Filetopia TCP Heuristic Filetopia filetopia Cisco IOS XE

P2P file Release 3.2S
sharing

Fring-VoIP UDP Heuristic Fring fring-voip Cisco IOS XE

VoIP Release 3.3S

GoogleEart TCP 80 + GoogleEa GoogleEarth Cisco IOS XE

h Heuristic rth Release 3.2S

Guruguru TCP Heuristic Guruguru guruguru Cisco IOS XE

Release 3.2S

IMAP TCP 143,220 Internet imap Cisco IOS XE

Mail Release 3.2S
Access
Protocol

IRC TCP 80 + IRC IRC Cisco IOS XE

Heuristic Release 3.2S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

76
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
ISATAP L3 Protocol Intra-Site ISATAP IPv6 Cisco IOS XE
IPv6 Automatic Tunneled Release 3.2S
Tunneled Tunnel
Addressin
g Protocol
(ISATAP)
IPv6
Tunneled

iTunes TCP 80 + iTunes iTunes Cisco IOS XE

Heuristic Release 3.2S

Kuro TCP Heuristic Kuro kuro Cisco IOS XE

Release 3.3S

Manolito TCP, UDP TCP - Manolito manolito Cisco IOS XE

Heuristic P2P music Release 3.2S
port, UDP sharing
- 41170 protocol

MapleStory TCP Heuristic Maple MapleStory Cisco IOS XE

Story Release 3.2S
Gaming
Protocol

Cisco IOS XE Release MGCP TCP, UDP UDP 2427/2727 - Me mgcp

3.2S TCP dia
2427/2428/2727 + Ga
Heuristic te
wa
y
Co
ntr
ol
Pr
oto
col

Microsoftds TCP, UDP 445 Microsoft-ds microsoftds Cisco IOS XE

Release 3.3S
MSN TCP 1080,1863 MSN Messenger msn-messenger Cisco IOS XE
Messenger , 80, Release 3.3S
Hueristic

MyJabber TCP Heuristic MyJabber MyJabber File Cisco IOS XE

File File Transfer Release 3.2S
Transfer Transfer

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

77
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Napster TCP 80 + Napster napster Cisco IOS XE
Heuristic Release 3.2S

Netshow TCP 1755 + Netshow netshow Cisco IOS XE

Heuristic Release 3.2S

NNTP TCP TCP - 119 Network NNTP Cisco IOS XE

+ News Release 3.2S
Heuristic, Transfer
UDP -119 Protocol

NTP UDP 123 Network NTP Cisco IOS XE

Time Release 3.2S
Protocol

Pando TCP,UDP TCP - 80 + Pando Pando Cisco IOS XE

Heuristic, Release 3.2S
UDP -
Heuristic

POCO TCP, UDP Heuristic POCO POCO Cisco IOS XE

File- Release 3.2S
Sharing
Applicatio
n

POP3 TCP 110, POP3 POP3 Cisco IOS XE

Heuristic Release 3.2S

PPTP TCP 1723 Point-to- pptp Cisco IOS XE

Point Release 3.2S
Tunneling
Protocol

RADIUS UDP 1812, 1813 Remote radius Cisco IOS XE

Authentic Release 3.3S
ation Dial
In User
Service
protocol

Cisco IOS XE Release SIP TCP, UDP TCP/UDP - 5060 Se sip

3.1S + Heuristic ssi
on
Ini
tiat
ion
Pr
oto
col

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

78
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Skinny TCP 2000-200 Skinny Call skinny Cisco IOS XE
2 Control Protocol Release 3.3S

Soribada TCP TCP - 80 Soribada, soribada Cisco IOS XE

+ Korean P2P Release 3.2S
Heuristic, music sharing
UDP - Protocol
Heuristic

Soulseek TCP Heuristic SoulSeek soulseek Cisco IOS XE

internet Release 3.3S
download
manager
Protocol

TeamSpeak UDP Heuristic TeamSpea TeamSpeak Cisco IOS XE

k internet Release 3.2S
based
voice-
conferenci
ng
Protocol

Telepresenc TCP,UDP TCP- Teleprese telepresence- Cisco IOS XE

e-control 5060, nce- control Release 3.2S
UDP- control
Heuristic

Teredo TCP,UDP TCP- Teredo teredo-ipv6- Cisco IOS XE

IPv6 Heuristic, IPv6 tunneled Release 3.2S
Tunneled UDP - Tunneled
3544 +
Heuristic

TFTP UDP 69 Trivial tftp Cisco IOS XE

File Release 3.2S
Transfer
Protocol

TomatoPan TCP Heuristic TomatoPa TomatoPang Cisco IOS XE

g ng P2P Release 3.2S
Sharing
Protocol

Tunnel- TCP 80 + HTTP tunnel-http Cisco IOS XE

HTTP Heuristic Tunneling Release 3.2S

Ventrilo TCP, UDP Heuristic Ventrilo Ventrilo Cisco IOS XE

VoIP Release 3.2S
Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

79
 NBAR Protocol Discovery
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE

Protocol Release
Waste TCP/UDP Heuristic Waste waste Cisco IOS XE
Release 3.3S

WebThund TCP, UDP TCP-80, WebThun WebThunder Cisco IOS XE

er UDP- der Peer- Release 3.2S
Heuristic to-Peer
File
Sharing

Yahoo- TCP TCP-5050/ Yahoo yahoo- Cisco IOS XE

Messenger 5101/1080/ Messenge messenger Release 3.3S
119/80 / r
Heuristic

Yahoo- TCP/UDP Heuristic Yahoo yahoo-voip- Cisco IOS XE

Messenger- Messenger VoIP messenger Release 3.3S
VoIP
Yahoo- TCP/UDP 5060/ Yahoo VoIP yahoo-voip-over- Cisco IOS XE
Messenger- Heuristic over SIP sip Release 3.4S
VoIP
Yahoo-
VoIP-over-
SIP

NBAR Protocol Discovery

NBAR includes a feature called Protocol Discovery. Protocol discovery provides an easy way to discover
protocol packets passing through an interface. For more information about Protocol Discovery, see the
"Enabling Protocol Discovery" module.

NBAR Protocol Discovery MIB

The NBAR Protocol Discovery MIB expands the capabilities of NBAR Protocol Discovery by providing
the following new functionality through Simple Network Management Protocol (SNMP):
• Enable or disable Protocol Discovery per interface.
• Display Protocol Discovery statistics.
• Configure and display multiple top-n tables that list protocols by bandwidth usage.
• Configure thresholds based on traffic of particular NBAR-supported protocols or applications that
report breaches and send notifications when these thresholds are exceeded.
For more information about the NBAR Protocol Discovery MIB, see the "Network-Based Application
Recognition Protocol Discovery Management Information Base" module.

NBAR Configuration Processes

You can configure NBAR in the following two ways:

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

80
 Restarting NBAR
Flow Table Sizing

• Configuring NBAR using the MQC

• Enabling Protocol Discovery
For more information about the NBAR configuration, see the Cisco IOS XE QoS Configuration Guide.

Restarting NBAR
NBAR is restarted under the following circumstances.
• Custom protocol addition via CLI
• PDLM load
• RP switchover
• FP switchover
• Protocol pack installation
• Link-age change
Restart involves deactivating and reactivating NBAR. During this time, all packets are classified as
‘Unknown’ by NBAR. Once NBAR is reactivated, classification is activated.

Note Protocol Discovery statistics will be lost with RP Switchover.

NBAR Protocol Pack

The NBAR Protocol Pack provides an easy way to update protocols supported by NBAR without replacing
the base IOS image that is already present in the router. A protocol pack is a set of protocols developed and
packed together. For more information about the NBAR Protocol Pack, see the NBAR Protocol Pack
feature document in Cisco IOS XE QoS Configuration Guide.

NBAR and Multipacket Classification

In Cisco IOS XE Release 3.3S, NBAR provides the ability to search large number of multipacket
signatures simultaneously. This new technique is supported for many of the new protocols in Cisco IOS XE
Release 3.3S and later releases. This technique also provides improved performance and accuracy for other
protocols. Along with the support for new signatures, the multipacket classification capabilities change
NBAR behavior in the following ways:
1 NBAR classification requires any number of payload packets between 1 and 15 packets in a flow
depending on the protocol. Retransmitted packets are not counted in this process of calculation.
2 NBAR will not classify flows without any payload packets or any TCP payload packet with a wrong
sequence number even if there are 15 payload packets for classification.
3 TCP retransmitted packets are not counted as valid packets for classification in the Multipacket Engine
module. These type of packets can delay the classification until a sufficient number of valid payload
packets are accumulated.
4 Payload packets with only static signatures in NBAR are classified after the single-packet and
multipacket protocols are processed and failed. Therefore, a maximum of 15 payload packets can be
classified as unknown until the final (static) classification decision is taken.
5 Due to these restrictions, custom protocols can be used to force the classification of the first packet,
ignoring the existence of payload or correct sequence numbers in the port-based classification.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

81
 NBAR on VRF Interfaces
NBAR Support for IPv6 from Cisco IOS XE Release 3.5S and Later Releases

NBAR on VRF Interfaces

In Cisco IOS XE Release 3.3S and later releases, the NBAR IPv4 and IPv6 classification on VRF interfaces
is supported.

Note Classification for Citrix protocol with "app" subclassification is not guaranteed on VRF interfaces when
NBAR is enabled on VRF interfaces.

NBAR and IPv6

In Cisco IOS XE Release 3.3S and later releases, the following types of classification are supported:
• NBAR provides static port-based classification and IP protocol-based classification for IPv6 packets.
• NBAR supports IPv6 classification in protocol discovery mode, but not in MQC mode.
• NBAR always reads the next header field in the fixed IPv6 header to determine the transport layer
protocol used by the packet’s payload for IPv6 packets. If an IPv6 packet contains one or more
extension headers, NBAR will not skip to the last IPv6 extension header to read the actual protocol
type instead, NBAR classifies the packet as an IPv6 extension header packet.
• NBAR Support for IPv6 from Cisco IOS XE Release 3.5S and Later Releases, page 82

NBAR Support for IPv6 from Cisco IOS XE Release 3.5S and Later Releases
In Cisco IOS XE Release 3.5S and later releases, NBAR supports the following types of classification:
• Native IPv6 classification.
• Classification of IPv6 traffic flows inside tunneled IPv6 over IPv4 and teredo.
• IPv6 classification in protocol discovery mode and in MQC mode.
• Static and stateful classification.
• Flexible NetFlow with NBAR based fields on IPv6.
NBAR supports IPv6 in IPv4 (6to4, 6rd, and ISATAP), and teredo tunneled classification. The ip nbar
classification tunneled-traffic command is used to enable the tunneled traffic classification. When the
tunneled traffic classification is enabled, NBAR performs an application classification of the IPv6 packets
carried inside IPv4 traffic. If the ip nbar classification tunneled-traffic command is disabled, the tunneled
IPv6 packets are handled as IPv4 packets.
NBAR supports the capture of IPv6 fields and allows the creation of IPv6 traffic-based flow monitors.
When you enable the ipv6 flow monitor command, the monitor is bound to the interface, NBAR
classification is applied to the IPv6 traffic type, and Flexible NetFlow captures the application IDs in the
IPv6 traffic flow.

NBAR Categorization and Attributes

The NBAR Categorization and Attributes feature provides the mechanism to match protocols or
applications based on certain attributes. As there are many protocols and applications, categorizing them
into different groups will help with reporting as well as performing group actions, such as applying QoS
policies, on them. Attributes are statically assigned to each protocol or application, and they are not

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

82
 How to Configure Attribute-Based Protocol Match
Configuring Attribute-Based Protocol Match

dependent on the traffic. The following attributes are available to configure the match criteria using the
match protocol attribute command. They are:
• application-group: The application-group attribute allows the configuration of applications grouped
together based on the same networking application as the match criteria. For example, Yahoo-
Messenger, Yahoo-VoIP-messenger, and Yahoo-VoIP-over-SIP are grouped together under the yahoo-
messenger-group.
• category: The category attribute allows you to configure applications that are grouped together based
on the first level of categorization for each protocol as the match criteria. Similar applications are
grouped together under one category. For example, the email category contains all email applications
such as, Internet Mail Access Protocol (IMAP), Simple Mail Transfer Protocol (SMTP), Lotus Notes,
and so forth.
• sub-category: The sub-category attribute provides the option to configure applications grouped
together based on the second level of categorization for each protocol as the match criteria. For
example, clearcase, dbase, rda, mysql and other database applications are grouped under the database
group.
• encrypted: The encrypted attribute provides the option to configure applications grouped together
based on whether the protocol is an encrypted protocol or not as the match criteria. Applications are
grouped together based on whether they are encrypted and non-encrypted status of the applications.
Protocols for which the NBAR does not provide any value are categorized under the unassigned
encrypted group.
• tunnel: The tunnel attribute provides the option to configure protocols based on whether or not a
protocol tunnels the traffic of other protocols. Protocols for which the NBAR does not provide any
value are categorized under the unassigned tunnel group. For example, Layer 2 Tunneling Protocols
(L2TP).

Note Attribute-based protocol match configuration does not impact the granularity of classification either in
reporting or in the protocol discovery information.

How to Configure Attribute-Based Protocol Match

• Configuring Attribute-Based Protocol Match, page 83

Configuring Attribute-Based Protocol Match

Perform this task to configure the attribute-based protocol match.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

83
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Configuring Attribute-Based Protocol Match

SUMMARY STEPS

1. enable
2. configure terminal
3. class-map [type] [match-all | match-any] class-map-name
4. match protocol attribute application-group application-group [application-name]
5. match protocol attribute category application-category [application-name]
6. match protocol attribute encrypted {encrypted-no | encrypted-unassigned | encrypted-yes}
[application-name]
7. match protocol attribute sub-category application-category [application-name]
8. match protocol attribute tunnel {tunnel-no | tunnel-unassigned | tunnel-yes} [application-name]
9. end

DETAILED STEPS

Step 1 enable

Example:
Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.
Step 2 configure terminal

Example:
Router# configure terminal

Enters global configuration mode.

Step 3 class-map [type] [match-all | match-any] class-map-name

Example:
Router(config)# class-map cmap1

Creates a class map to be used for matching packets to a specified class and enters class-map configuration mode.
• Enter the name of the class map.
Step 4 match protocol attribute application-group application-group [application-name]

Example:
Router(config-cmap)# match protocol attribute application-group skype

Configures the specified application group as the match criterion.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

84
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Configuring Attribute-Based Protocol Match

• (Optional) Use the application-name attribute to configure the application and not the application group as the
match criterion. The configuration is saved as match protocol application-name instead of match protocol
attribute application-group application-group.
Step 5 match protocol attribute category application-category [application-name]

Example:
Router(config-cmap)# match protocol attribute category email

Configures the specified category as the match criteria attribute.

• (Optional) Use the application-name attribute to configure a specific application, and not the application
category, as the match criterion. The configuration is saved as match protocol application-name instead of
match protocol attribute category application-category.
Step 6 match protocol attribute encrypted {encrypted-no | encrypted-unassigned | encrypted-yes} [application-name]

Example:
Router(config-cmap)# match protocol attribute encrypted encrypted-yes

Configures the specified encryption status as the match criterion.

• Enter the encrypted-yes keyword to match all encrypted applications.
or
Enter the encrypted-no keyword to match all nonencrypted applications.
or
Enter the encrypted-unassigned keyword to match all applications that are not assigned any encryption status.
• (Optional) Use the application-name attribute to configure application within the specified encrypted status as the
match criterion. The configuration is saved as match protocol application-name instead of match protocol
attribute encrypted {encrypted-no | encrypted-unassigned | encrypted-yes}.
Step 7 match protocol attribute sub-category application-category [application-name]

Example:
Router(config-cmap)# match protocol attribute sub-category client-server

Configures the specified sub-category as the match criteria attribute.

• (Optional) Use the application-name attribute to configure a specific application, and not the sub-category, as the
match criterion. The configuration is saved as match protocol application-name instead of match protocol
attribute sub-category application-category.
Step 8 match protocol attribute tunnel {tunnel-no | tunnel-unassigned | tunnel-yes} [application-name]

Example:
Router(config-cmap)# match protocol attribute tunnel tunnel-yes

Configures the specified encryption status as the match criterion.

• Enter the tunnel-no keyword to specify the applications that are not tunneled as the match criterion.
or

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

85
 Example: Classification of HTTP Traffic Using the HTTP Header Fields
Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE Software

Enter the tunnel-unassigned keyword to specify the applications that are unassigned for tunneling as the match
criterion.
or
Enter the tunnel-yes keyword to specify the tunneled applications as the match criterion.
• (Optional) Use the application-name attribute to configure a specific application within the specified tunneling
status as the match criterion. The configuration is saved as match protocol application-name instead of match
protocol attribute tunnel {tunnel-no | tunnel-unassigned | tunnel-yes}.
Step 9 end

Example:
Router(config-cmap)# end

Exits class-map configuration mode and returns to privileged EXEC mode.

Configuration Examples for Classifying Network Traffic Using

NBAR in Cisco IOS XE Software
• Example: Classification of HTTP Traffic Using the HTTP Header Fields, page 86
• Example: Combinations of Classification of HTTP Headers and URL Host or MIME Type to Identify
HTTP Traffic, page 87
• Example: NBAR and Classification of Custom Protocols and Applications, page 87
• Example: NBAR and Classification of Peer-to-Peer File-Sharing Applications, page 88
• Example: Configuring Attribute-Based Protocol Match, page 89

Example: Classification of HTTP Traffic Using the HTTP Header Fields

In the following example, any request message that contains "[email protected]" in the User-Agent,
Referer, or From field will be classified by NBAR. Typically, a term with a format similar to
"[email protected]" would be found in the From header field of the HTTP request message.

class-map match-all class1

match protocol http from "[email protected]"

In the following example, any request message that contains "http://www.cisco.com/routers" in the User-
Agent, Referer, or From field will be classified by NBAR. Typically, a term with a format similar to "http://
www.cisco.com/routers" would be found in the Referer header field of the HTTP request message.

class-map match-all class2

match protocol http referer "http://www.cisco.com/routers"

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

86
 Example: Combinations of Classification of HTTP Headers and URL Host or MIME Type to Identify HTTP Traffic
Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE Software

In the following example, any request message that contains "CERN-LineMode/2.15" in the User-Agent,
Referer, or From header field will be classified by NBAR. Typically, a term with a format similar to
"CERN-LineMode/2.15" would be found in the User-Agent header field of the HTTP request message.

class-map match-all class3

match protocol http user-agent "CERN-LineMode/2.15"

In the following example, any response message that contains "CERN/3.0" in the Content-Base (if
available), Content-Encoding, Location, or Server header field will be classified by NBAR. Typically, a
term with a format similar to "CERN/3.0" would be found in the Server header field of the response
message.

class-map match-all class4

match protocol http server "CERN/3.0"

In the following example, any response message that contains "http://www.cisco.com/routers" in the
Content-Base (if available), Content-Encoding, Location, or Server header field will be classified by
NBAR. Typically, a term with a format similar to "http://www.cisco.com/routers" would be found in the
Content-Base (if available) or Location header field of the response message.

class-map match-all class5

match protocol http location "http://www.cisco.com/routers"

In the following example, any response message that contains "gzip" in the Content-Base (if available),
Content-Encoding, Location, or Server header field will be classified by NBAR. Typically, the term "gzip"
would be found in the Content-Encoding header field of the response message.

class-map match-all class6

match protocol http content-encoding "gzip"

Example: Combinations of Classification of HTTP Headers and URL Host or

MIME Type to Identify HTTP Traffic
In the following example, HTTP header fields are combined with a URL to classify traffic. In this example,
traffic with a User-Agent field of "CERN-LineMode/3.0" and a Server field of "CERN/3.0," along with
URL "www.cisco.com/routers," will be classified using NBAR:

class-map match-all c-http

match protocol http user-agent "CERN-LineMode/3.0"
match protocol http server "CERN/3.0"
match protocol http url "www.cisco.com/routers"

Example: NBAR and Classification of Custom Protocols and Applications

In the following example, the custom protocol app-sales1 will identify TCP packets that have a source port
of 4567 and that contain the term "SALES" in the fifth byte of the payload:

Router(config)# ip nbar custom app-sales1 5 ascii SALES source tcp 4567

In the following example, the custom protocol virus-home will identify UDP packets that have a
destination port of 3000 and that contain "0x56" in the seventh byte of the payload:

Router(config)# ip nbar custom virus-home 7 hex 0x56 destination udp 3000

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

87
 Example: NBAR and Classification of Peer-to-Peer File-Sharing Applications
Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE Software

In the following example, the custom protocol media_new will identify TCP packets that have a destination
or source port of 4500 and that have a value of 90 at the sixth byte of the payload:

Router(config)# ip nbar custom media_new 6 decimal 90 tcp 4500

In the following example, the custom protocol msn1 will look for TCP packets that have a destination or
source port of 6700:

Router(config)# ip nbar custom msn1 tcp 6700

In the following example, the custom protocol mail_x will look for UDP packets that have a destination
port of 8202:

Router(config)# ip nbar custom mail_x destination udp 8202

In the following example, the custom protocol mail_y will look for UDP packets that have destination ports
between 3000 and 4000 inclusive:

Router(config)# ip nbar custom mail_y destination udp range 3000 4000

Example: NBAR and Classification of Peer-to-Peer File-Sharing

Applications
The match protocol gnutella file-transfer regular-expression and match protocol fasttrack file-transfer
regular-expression commands are used to enable Gnutella and FastTrack classification in a traffic class.
The file-transfer keyword indicates that a regular expression variable will be used to identify specific
Gnutella or FastTrack traffic. The regular-expression variable can be expressed as "*" to indicate that all
FastTrack or Gnutella traffic be classified by a traffic class.
In the following example, all FastTrack traffic is classified into class map nbar:

class-map match-all nbar

match protocol fasttrack file-transfer "*"

Similarly, all Gnutella traffic is classified into class map nbar in the following example:

class-map match-all nbar

match protocol gnutella file-transfer "*"

Wildcard characters in a regular expression can also be used to identify specified Gnutella and FastTrack
traffic. These regular expression matches can be used to match on the basis of a filename extension or a
particular string in a filename.
In the following example, all Gnutella files that have the .mpeg extension will be classified into class map
nbar:

class-map match-all nbar

match protocol gnutella file-transfer "*.mpeg"

In the following example, only Gnutella traffic that contains the characters "cisco" is classified:

class-map match-all nbar

match protocol gnutella file-transfer "*cisco*"

The same examples can be used for FastTrack traffic:

class-map match-all nbar

match protocol fasttrack file-transfer "*.mpeg"

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

88
 Example: Configuring Attribute-Based Protocol Match
Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE Software

or

class-map match-all nbar

match protocol fasttrack file-transfer "*cisco*"

Example: Configuring Attribute-Based Protocol Match

The match protocol attributes command is used to configure different attributes as the match criteria for
application recognition.
In the following example, the email-related applications category is configured as the match criterion:
Router# configure terminal
Router(config)# class-map mygroup
Router(config-cmap)# match protocol attribute category email

In the following example, skype-group applications are configured as the match criterion:
Router# configure terminal
Router(config)# class-map apps
Router(config-cmap)# match protocol attribute application-group skype-group

In the following example, encrypted applications are configured as the match criterion:
Router# configure terminal
Router(config)# class-map my-class
Router(config-cmap)# match protocol encrypted encrypted-yes

In the following example, Client-server subcategory applications are configured as the match criterion:
Router# configure terminal
Router(config)# class-map newmap
Router(config-cmap)# match protocol attribute sub-category client-server

In the following example, tunneled applications are configured as the match criterion:
Router# configure terminal
Router(config)# class-map mygroup
Router(config-cmap)# match protocol attribute tunnel tunnel-yes

The following sample output from the show ip nbar attribute command displays the details of all the
attributes:
Router# show ip nbar attribute
Name : category
Help : category attribute
Type : group
Groups : email, newsgroup, location-based-services, instant-messaging, netg
Need : Mandatory
Default : other

Name : sub-category
Help : sub-category attribute
Type : group
Groups : routing-protocol, terminal, epayement, remote-access-terminal, nen
Need : Mandatory
Default : other

Name : application-group
Help : application-group attribute
Type : group
Groups : skype-group, wap-group, pop3-group, kerberos-group, tftp-group, bp
Need : Mandatory
Default : other

Name : tunnel
Help : Tunnelled applications
Type : group
Groups : tunnel-no, tunnel-yes, tunnel-unassigned
Need : Mandatory
Default : tunnel-unassigned

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

89
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Additional References

Name : encrypted
Help : Encrypted applications
Type : group
Groups : encrypted-yes, encrypted-no, encrypted-unassigned
Need : Mandatory
Default : encrypted-unassigned

The following sample output from the show ip nbar protocol-attribute command displays the details of
the protocols:
Router# show ip nbar protocol-attribute

Protocol Name : ftp

category : file-sharing
sub-category : client-server
application-group : ftp-group
tunnel : tunnel-no
encrypted : encrypted-no

Protocol Name : http

category : browsing
sub-category : other
application-group : other
tunnel : tunnel-no
encrypted : encrypted-no

Protocol Name : egp

category : net-admin
sub-category : routing-protocol
application-group : other
tunnel : tunnel-no
encrypted : encrypted-no

Protocol Name : gre

category : net-admin
sub-category : tunneling-protocols
application-group : other
tunnel : tunnel-yes
encrypted : encrypted-no

Additional References
Related Documents

Related Topic Document Title

Cisco IOS commands Cisco IOS Master Commands List, All Releases

QoS commands: complete command syntax, Cisco IOS Quality of Service Solutions Command
command modes, command history, defaults, usage Reference
guidelines, and examples

Classifying network traffic if not using NBAR "Classifying Network Traffic" module

Marking network traffic "Marking Network Traffic" module

MQC "Applying QoS Features Using the MQC" module

Protocol Discovery "Enabling Protocol Discovery" module

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

90
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Additional References

Standards

Standard Title
ISO 0009 File Transfer Protocol (FTP)

ISO 0013 Domain Names - Concepts and Facilities

ISO 0033 The TFTP Protocol (Revision 2)

ISO 0034 Routing Information Protocol

ISO 0053 Post Office Protocol - Version 3

ISO 0056 RIP Version 2

MIBs

MIB MIBs Link

No new or modified MIBs are supported, and To locate and download MIBs for selected
support for existing MIBs has not been modified. platforms, Cisco software releases, and feature sets,
use Cisco MIB Locator found at the following
URL:
http://www.cisco.com/go/mibs

RFCs

RFC Title
RFC 742 NAME/FINGER Protocol

RFC 759 Internet Message Protocol

RFC 768 User Datagram Protocol

RFC 792 Internet Control Message Protocol

RFC 793 Transmission Control Protocol

RFC 821 Simple Mail Transfer Protocol

RFC 827 Exterior Gateway Protocol

RFC 854 Telnet Protocol Specification

RFC 888 "STUB" Exterior Gateway Protocol

RFC 904 Exterior Gateway Protocol Formal Specification

RFC 951 Bootstrap Protocol

RFC 959 File Transfer Protocol

RFC 977 Network News Transfer Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

91
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Additional References

RFC Title
RFC 1001 Protocol Standard for a NetBIOS Service on a
TCP/UDP Transport: Concepts and Methods

RFC 1002 Protocol Standard for a NetBIOS Service on a

TCP/UDP Transport: Detailed Specifications

RFC 1057 RPC: Remote Procedure Call

RFC 1094 NFS: Network File System Protocol Specification

RFC 1112 Host Extensions for IP Multicasting

RFC 1157 Simple Network Management Protocol

RFC 1282 BSD Rlogin

RFC 1288 The Finger User Information Protocol

RFC 1305 Network Time Protocol

RFC 1350 The TFTP Protocol (Revision 2)

RFC 1436 The Internet Gopher Protocol

RFC 1459 Internet Relay Chat Protocol

RFC 1510 The Kerberos Network Authentication Service

RFC 1542 Clarifications and Extensions for the Bootstrap

Protocol

RFC 1579 Firewall-Friendly FTP

RFC 1583 OSPF Version 2

RFC 1657 Definitions of Managed Objects for the Fourth

Version of the Border Gateway Protocol

RFC 1701 Generic Routing Encapsulation

RFC 1730 Internet Message Access Protocol--Version 4

RFC 1771 A Border Gateway Protocol 4 (BGP-4)

RFC 1777 Lightweight Directory Access Protocol

RFC 1831 RPC: Remote Procedure Call Protocol

Specification Version 2

RFC 1889 A Transport Protocol for Real-Time Applications

RFC 1890 RTP Profile for Audio and Video Conferences with
Minimal Control

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

92
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Additional References

RFC Title
RFC 1928 SOCKS Protocol Version 5

RFC 1939 Post Office Protocol--Version 3

RFC 1945 Hypertext Transfer Protocol--HTTP/1.0

RFC 1964 The Kerberos Version 5 GSS-API Mechanism

RFC 2045 Multipurpose Internet Mail Extension (MIME) Part

One: Format of Internet Message Bodies

RFC 2060 Internet Message Access Protocol--Version 4 rev1

RFC 2068 Hypertext Transfer Protocol--HTTP/1.1

RFC 2131 Dynamic Host Configuration Protocol

RFC 2205 Resource ReSerVation Protocol (RSVP)--Version 1

Functional Specification

RFC 2236 Internet Group Management Protocol, Version 2

RFC 2251 Lightweight Directory Access Protocol (v3)

RFC 2252 Lightweight Directory Access Protocol (v3):

Attribute Syntax Definitions

RFC 2253 Lightweight Directory Access Protocol (v3): UTF-8

String Representation of Distinguished Names

RFC 2401 Security Architecture for the Internet Protocol

RFC 2406 IP Encapsulating Security Payload

RFC 2453 RIP Version 2

RFC 2616 Hypertext Transfer Protocol--HTTP/1.1

Note This RFC updates RFC 2068.

Technical Assistance

Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/
provides online resources to download index.html
documentation, software, and tools. Use these
resources to install and configure the software and
to troubleshoot and resolve technical issues with
Cisco products and technologies. Access to most
tools on the Cisco Support and Documentation
website requires a Cisco.com user ID and
password.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

93
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Feature Information for Classifying Network Traffic Using NBAR

Feature Information for Classifying Network Traffic Using

NBAR
The following table provides release information about the feature or features described in this module.
This table lists only the software release that introduced support for a given feature in a given software
release train. Unless noted otherwise, subsequent releases of that software release train also support that
feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 5 Feature Information for Classifying Network Traffic Using NBAR in Cisco IOS XE software

Feature Name Releases Feature Information

Additional PDL Support for Cisco IOS XE Release 3.1S The additional PDL Support for
NBAR NBAR feature provides support
for additional PDLs.
The following section provides
information about this feature:
NBAR and Classification of
HTTP Traffic, page 4

Enhanced NBAR Cisco IOS XE Release 3.2S The Enhanced NBAR feature
provides additional PDLs for
Cisco IOS XE Release 3.2S.
The following section provides
information about this feature:
NBAR-Supported Protocols,
page 13

NBAR Categorization and Cisco IOS XE Release 3.4S The NBAR Categorization and
Attributes Attributes feature provides the
mechanism of matching the
protocols grouped under specific
categories based on the attributes.
These categories are available for
Class-Based Policy Language
(CPL) as a match criteria for
application recognition.
The following section provides
information about this feature:
NBAR Categorization and
Attributes, page 82

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

94
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Feature Information for Classifying Network Traffic Using NBAR

Feature Name Releases Feature Information

NBAR Classification Cisco IOS XE Release 3.5S The NBAR Classification
Enhancements for IOS-XE3.5 Enhancements feature provides
additional classification support
for native IPv6 classification and
classification of flows inside
tunneled IPv6 over IPv4.
The following section provides
information about this feature:
NBAR Support for IPv6 from
Cisco IOS XE Release 3.5S and
Later Releases, page 82
The following commands were
introduced or modified: ip nbar
classification tunneled-traffic,
option (FNF).

NBAR PDLM Supported in ASR Cisco IOS XE Release 2.5 This feature was integrated into
1000 Release 2.5 Cisco IOS XE Release 2.5.
Cisco IOS XE Release 3.1S
NBAR-supported protocols were
Cisco IOS XE Release 3.3S added for this release.
The following section provides
information about this feature:
NBAR-Supported Protocols,
page 13
The following command was
modified: match protocol
(NBAR).

NBAR Protocols Cisco IOS XE Release 2.3 This feature was integrated into
Cisco IOS XE Release 2.3.
NBAR-supported protocols were
added for this release.
The following section provides
information about this feature:
NBAR-Supported Protocols,
page 13
The following command was
modified: match
protocol(NBAR).

NBAR Real-time Transport Cisco IOS XE Release 2.1 This feature was introduced on
Protocol Payload Classification Cisco ASR 1000 Series
Aggregation Services Routers.
The following section provides
information about this feature:
NBAR-Supported Protocols,
page 13

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

95
 Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Glossary

Feature Name Releases Feature Information

NBAR Static IPv4 IANA Cisco IOS XE Release 3.1S This feature was introduced on
Protocols Pack1 Cisco ASR 1000 Series
Aggregation Services Routers.
The following section provides
information about this feature:
NBAR-Supported Protocols,
page 13

NBAR VRF aware Cisco IOS XE Release 3.3S This feature was introduced on
Cisco ASR 1000 Series
Aggregation Services Routers.
The following section provides
information about this feature:
NBAR Scalability, page 11

Glossary
Encryption—Encryption is the application of a specific algorithm to data so as to alter the appearance of
the data, making it incomprehensible to those who are not authorized to see the information.
HTTP —Hypertext Transfer Protocol. The protocol used by web browsers and web servers to transfer
files, such as text and graphic files.
IANA —Internet Assigned Numbers Authority. An organization operated under the auspices of the Internet
Society (ISOC) as a part of the Internet Architecture Board (IAB). IANA delegates authority for IP
address-space allocation and domain-name assignment to the InterNIC and other organizations. IANA also
maintains a database of assigned protocol identifiers used in the TCP/IP stack, including autonomous
system numbers.
LAN —Local-area network. A high-speed, low-error data network that covers a relatively small geographic
area (up to a few thousand meters). LANs connect workstations, peripherals, terminals, and other devices in
a single building or other geographically limited area. LAN standards specify cabling and signaling at the
physical and data link layers of the Open System Interconnection (OSI) model. Ethernet, FDDI, and Token
Ring are widely used LAN technologies.
MIME —Multipurpose Internet Mail Extension. The standard for transmitting nontext data (or data that
cannot be represented in plain ASCII code) in Internet mail, such as binary, foreign language text (such as
Russian or Chinese), audio, and video data. MIME is defined in RFC 2045, Multipurpose Internet Mail
Extension (MIME) Part One: Format of Internet Message Bodies .
MPLS —Multiprotocol Label Switching. A switching method that forwards IP traffic using a label. This
label instructs the routers and the switches in the network where to forward the packets based on
preestablished IP routing information.
MQC —Modular quality of service command-line interface. A CLI that allows you to define traffic
classes, create and configure traffic policies (policy maps), and then attach the policy maps to interfaces.
Policy maps are used to apply the appropriate quality of service (QoS) to network traffic.
Protocol Discovery —A feature included with NBAR. Protocol Discovery provides a way to discover the
application protocols that are operating on an interface.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

96
Classifying Network Traffic Using NBAR in Cisco IOS XE Software

QoS —Quality of service. A measure of performance for a transmission system that reflects its
transmission quality and service availability.
RTCP —RTP Control Protocol. A protocol that monitors the QoS of an IPv6 Real-Time Transport
Protocol (RTP) connection and conveys information about the ongoing session.
Stateful protocol —A protocol that uses TCP and UDP port numbers that are determined at connection
time.
Static protocol —A protocol that uses well-defined (predetermined) TCP and UDP ports for
communication.
Subport classification —The classification of network traffic by information that is contained in the
packet payload, that is, information found beyond the TCP or UDP port number.
TCP —Transmission Control Protocol. A connection-oriented transport layer protocol that provides
reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack.
Tunneling —Tunneling is an architecture that is designed to provide the services necessary to implement
any standard point-to-point encapsulation scheme.
UDP —User Datagram Protocol. A connectionless transport layer protocol in the TCP /IP protocol stack.
UDP is a simple protocol that exchanges datagrams without acknowledgments or guaranteed delivery,
requiring that error processing and retransmission be handled by other protocols. UDP is defined in RFC
768, User Datagram Protocol .
WAN —Wide-area network. A data communications network that serves users across a broad geographic
area and often uses transmission devices provided by common carriers.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S.
and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner
does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be
actual addresses and phone numbers. Any examples, command display output, network topology diagrams,
and other figures included in the document are shown for illustrative purposes only. Any use of actual IP
addresses or phone numbers in illustrative content is unintentional and coincidental.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

97
 Example: Configuring Attribute-Based Protocol Match

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

98
 Enabling Protocol Discovery
Network-Based Application Recognition (NBAR) includes a feature called Protocol Discovery. Protocol
discovery provides an easy way to discover the application protocol packets that are passing through an
interface. When you configure NBAR, the first task is to enable protocol discovery.
This module contains concepts and tasks for enabling the Protocol Discovery feature.

• Finding Feature Information, page 99

• Prerequisites for Enabling Protocol Discovery, page 99
• Restrictions for Enabling Protocol Discovery, page 99
• Information About Protocol Discovery, page 100
• How to Enable Protocol Discovery, page 101
• Configuration Examples for Protocol Discovery, page 104
• Additional References, page 106
• Feature Information for Enabling Protocol Discovery, page 107

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature
information and caveats, see the release notes for your platform and software release. To find information
about the features documented in this module, and to see a list of the releases in which each feature is
supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for Enabling Protocol Discovery

Before enabling Protocol Discovery, read the information in the "Classifying Network Traffic Using
NBAR" module.

Restrictions for Enabling Protocol Discovery

NBAR protocol discovery does not support the following:
• Asymmetric flows with stateful protocols.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

99
 Protocol Discovery Overview
Information About Protocol Discovery

Note In the NBAR context, asymmetric flows are the flows in which different packets of the flow go through
different routers, for reasons such as load balancing implementation or asymmetric routing where packets
flow through different routes to different directions.

• NBAR processing. By design, NBAR processing is temporarily disabled during the In-Service
Software Upgrade (ISSU). The following syslog message indicates restart of NBAR classification
once ISSU is complete.
"%NBAR_HA-5-NBAR_INFO: NBAR sync DONE!"
• Multicast packet classification.
• Multiprotocol Label Switching (MPLS)-labeled packets. NBAR classifies IP packets only. You can,
however, use NBAR to classify IP traffic before the traffic is handed over to MPLS. Use the modular
quality of service (QoS) CLI (MQC) to set the IP differentiated services code point (DSCP) field on
the NBAR-classified packets and make MPLS map the DSCP setting to the MPLS experimental
(EXP) setting inside the MPLS header.
• Non-IP traffic.
• Packets that originate from or that are destined to the router running NBAR.
NBAR is not supported on the following logical interfaces:
• Dialer interfaces
• Fast Etherchannel
• Interfaces where tunneling or encryption is used
• Multilink Point-to-Point Protocol (MLPPP)
• Multiprotocol Label Switching (MPLS) VPN Routing and Forwarding (VRF)
• Port channel
• Tunneled interfaces (Generic Router Encapsulation [GRE], IP-IP, Layer 2 Tunneling Protocol [L2TP])

Note You cannot use NBAR to classify output traffic on a WAN link where tunneling or encryption is used.
Therefore, you should configure NBAR on other interfaces of the router (such as a LAN link) to perform
input classification before the traffic is switched to the WAN link.

Information About Protocol Discovery

• Protocol Discovery Overview, page 100

Protocol Discovery Overview

The Protocol Discovery feature of NBAR provides an easy way of discovering the application protocols
passing through an interface so that appropriate QoS features can be applied.
NBAR determines which protocols and applications are currently running on your network. Protocol
discovery provides an easy way of discovering the application protocols that are operating on an interface
so that appropriate QoS features can be applied. With protocol discovery, you can discover any protocol
traffic that is supported by NBAR and obtain statistics that are associated with that protocol.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

100
 Enabling Protocol Discovery
Interface Scalability

Protocol discovery maintains the following per-protocol statistics for enabled interfaces:
• Total number of input packets and bytes
• Total number of output packets and bytes
• Input bit rates
• Output bit rates
These statistics can be used when you define classes and traffic policies (sometimes known as policy maps)
for each traffic class. The traffic policies (policy maps) are used to apply specific QoS features and
functionality to the traffic classes.
• Interface Scalability, page 101

Interface Scalability
In Cisco IOS XE Release 2.4 and earlier releases, there is no limit on the number of interfaces on which
protocol discovery can be enabled.
The table below provides the details of the protocol discovery supported interface and the release number.

Table 6 Release and Protocol Discovery Interface Support

Release Number of Interfaces Supported with Protocol Discovery

Cisco IOS XE Release 2.5 128

Cisco IOS XE Release 2.6 256

Cisco IOS XE Release 2.7 32

Cisco IOS XE Release 3.2S 32

Cisco IOS XE Release 3.3S 32

In Cisco IOS XE Release 3.3S and later releases, NBAR supports the following classification:
• Static port-based classification and IP protocol-based classification for IPv6 packets.
• IPv4 and IPv6 classification for IPv4 and IPv6 VPN Routing and Forwarding (VRF) interfaces.

Note The NBAR Protocol Discovery MIB is not supported for the ip nbar protocol-discovery ipv4 and ip nbar
protocol-discovery ipv6 commands.

How to Enable Protocol Discovery

• Enabling Protocol Discovery on an Interface, page 102
• Reporting Protocol Discovery Statistics, page 103

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

101
 Enabling Protocol Discovery on an Interface
How to Enable Protocol Discovery

Enabling Protocol Discovery on an Interface

Perform this task to enable protocol discovery on an interface.

SUMMARY STEPS

1. enable
2. configure terminal
3. interface type number [name-tag]
4. ip nbar protocol-discovery [ipv4 | ipv6]
5. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
• Enter your password if prompted.
Example:

Router> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Router# configure terminal

Step 3 interface type number [name-tag] Configures an interface type and enters interface configuration mode.
• Enter the interface type and the interface number.
Example:

Router(config)# interface
fastethernet1/1/1

Step 4 ip nbar protocol-discovery [ipv4 | ipv6] Configures NBAR to discover traffic for all protocols that are known to
NBAR on a particular interface.
• (Optional) Enter the ipv4 keyword to enable protocol discovery
Example:
statistics collection for IPv4 packets, or enter the ipv6 keyword to
Router(config-if)# ip nbar protocol- enable protocol discovery statistics collection for IPv6 packets.
discovery
• Specifying either of these keywords enables the protocol discovery
statistics collection for the specified IP version only. If neither
keywords is specified, statistics collection is enabled for both IPv4 and
IPv6.
• The no form of this command is not required to disable a keyword
because the statistics collection is enabled for the specified keyword
only.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

102
 Reporting Protocol Discovery Statistics
How to Enable Protocol Discovery

Command or Action Purpose

Step 5 end (Optional) Exits interface configuration mode.

Example:

Router(config-if)# end

Reporting Protocol Discovery Statistics

Perform this task to display a report of the protocol discovery statistics per interface.

SUMMARY STEPS

1. enable
2. show policy-map interface type number
3. show ip nbar protocol-discovery [interface type number] [stats {byte-count | bit-rate | packet-
count| max-bit-rate}] [protocol protocol-name | top-n number]
4. exit

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
• Enter your password if prompted.
Example:

Router> enable

Step 2 show policy-map interface type number (Optional) Displays the packet and class statistics for all policy
maps on the specified interface.
• Enter the interface type and interface number.
Example:

Router# show policy-map interface FastEthernet

1/1/1

Step 3 show ip nbar protocol-discovery [interface type Displays the statistics gathered by the NBAR Protocol
number] [stats {byte-count | bit-rate | packet-count| Discovery feature.
max-bit-rate}] [protocol protocol-name | top-n
• (Optional) Enter keywords and arguments to fine-tune the
number]
statistics displayed. For more information on each of the
keywords, refer to the show ip nbar protocol-discovery
command in Cisco IOS Quality of Service Solutions
Example:
Command Reference.
Router# show ip nbar protocol-discovery
interface Fastethernet1/1/1

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

103
 Example: Enabling Protocol Discovery on an Interface
Configuration Examples for Protocol Discovery

Command or Action Purpose

Step 4 exit (Optional) Exits privileged EXEC mode.

Example:

Router# exit

Configuration Examples for Protocol Discovery

• Example: Enabling Protocol Discovery on an Interface, page 104
• Example: Reporting Protocol Discovery Statistics, page 105

Example: Enabling Protocol Discovery on an Interface

In the following sample configuration, protocol discovery is enabled on Fast Ethernet interface 1/1/1:

Router> enable

Router# configure terminal

Router(config)# interface fastethernet1/1/1

Router(config-if)# ip nbar protocol-discovery

Router(config-if)# end

In the following sample configuration, protocol discovery is enabled on Fast Ethernet interface 1/1/2 for
IPv6 packets:

Router> enable

Router# configure terminal

Router(config)# interface fastethernet1/1/2

Router(config-if)# ip nbar protocol-discovery ipv6

Router(config-if)# end

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

104
 Example: Reporting Protocol Discovery Statistics
Configuration Examples for Protocol Discovery

In the following sample configuration, protocol discovery is enabled on Fast Ethernet interface 1/1/2 for
IPv6 packets. Later, the protocol discovery is enabled for IPv4 packets and this does not require the no
form for the ipv6 keyword.

Router> enable

Router# configure terminal

Router(config)# interface fastethernet1/1/2

Router(config-if)# ip nbar protocol-discovery ipv6

Router(config-if)# ip nbar protocol-discovery ipv4

Router(config-if)# end

Example: Reporting Protocol Discovery Statistics

The following sample output from the show ip nbar protocol-discovery command displays the five most
active protocols on the Fast Ethernet interface 2/0/1:

Router# show ip nbar protocol-discovery top-n 5

FastEthernet2/0/1
Input Output
----- ------
Protocol Packet Count Packet Count
Byte Count Byte Count
30sec Bit Rate (bps) 30sec Bit Rate (bps)
30sec Max Bit Rate (bps) 30sec Max Bit Rate (bps)
--------------------------- ------------------------ ------------------------
rtp 3272685 3272685
242050604 242050604
768000 768000
2002000 2002000
gnutella 513574 513574
118779716 118779716
383000 383000
987000 987000
ftp 482183 482183
37606237 37606237
121000 121000
312000 312000
http 144709 144709
32351383 32351383
105000 105000
269000 269000
netbios 96606 96606
10627650 10627650
36000 36000
88000 88000
unknown 1724428 1724428
534038683 534038683
2754000 2754000
4405000 4405000
Total 6298724 6298724
989303872 989303872
4213000 4213000
8177000 8177000

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

105
 Enabling Protocol Discovery
Additional References

Additional References
Related Documents

Related Topic Document Title

Cisco IOS commands Cisco IOS Master Commands List, All Releases

QoS commands: complete command syntax, Cisco IOS Quality of Service Solutions Command
command modes, command history, defaults, usage Reference
guidelines, and examples

Concepts and information about NBAR "Classifying Network Traffic Using NBAR"
module

MQC "Applying QoS Features Using the MQC" module

Standards

Standard Title
No new or modified standards are supported, and --
support for existing standards has not been
modified.

MIBs

MIB MIBs Link

No new or modified MIBs are supported, and To locate and download MIBs for selected
support for existing MIBs has not been modified. platforms, Cisco software releases, and feature sets,
use Cisco MIB Locator found at the following
URL:
http://www.cisco.com/go/mibs

Technical Assistance

Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/
provides online resources to download index.html
documentation, software, and tools. Use these
resources to install and configure the software and
to troubleshoot and resolve technical issues with
Cisco products and technologies. Access to most
tools on the Cisco Support and Documentation
website requires a Cisco.com user ID and
password.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

106
 Enabling Protocol Discovery
Feature Information for Enabling Protocol Discovery

Feature Information for Enabling Protocol Discovery

The following table provides release information about the feature or features described in this module.
This table lists only the software release that introduced support for a given feature in a given software
release train. Unless noted otherwise, subsequent releases of that software release train also support that
feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 7 Feature Information for Enabling Protocol Discovery

Feature Name Releases Feature Information

Protocol Discovery Cisco IOS XE 2.1 Cisco IOS XE This feature was introduced on
3.3S Cisco ASR 1000 Series Routers.
The following sections provide
information about this feature:
The following commands were
introduced: ip nbar protocol
discovery, show ip nbar
protocol discovery.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S.
and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner
does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be
actual addresses and phone numbers. Any examples, command display output, network topology diagrams,
and other figures included in the document are shown for illustrative purposes only. Any use of actual IP
addresses or phone numbers in illustrative content is unintentional and coincidental.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

107
 Example: Reporting Protocol Discovery Statistics

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2

108