Performing Advanced Administration › Set Up Application Mapping › Create an NBAR2 Application Mapping Rule

Create an NBAR2 Application Mapping Rule

Create NBAR2 (Next Generation Network-Based Application Recognition) application mapping rules to identify NBAR2 application traffic in reports. NBAR2 rules can identify traffic for individual applications, combine traffic for multiple applications, or separate NBAR2 traffic from other traffic.

If multiple rules map traffic to the same destination port, the program gives the rules the same name--the name you specified most recently. The rule name is the label for the NBAR2 traffic in reports.

This topic describes how to create NBAR2 application mapping rules individually on the Applications Definitions page. You also can batch import NBAR2 application rules by using the command line. For more information about command-line import options, see the topics beginning with Import Application Mapping Rules.

Notes:

• To display NBAR2 data in reports, your routers must be configured to return IPFIX flows that include the appropriate NBAR2 fields
• Application mapping supports rules for the applications that are identified by the standard Cisco NBAR2 engine (NBAR2 engine 13), but not for applications that are identified by custom NBAR2 engines.

Follow these steps:

1. Open the Application Definitions page:
   1. Select Administration from the NFA console menu.

      The Administration page opens.

   2. Select Application Definitions in the Administration menu.

   The Application Definitions page opens.

2. Verify that Application Mapping is the selected value for Rules.
3. Click Add Rule.

   The Add Application Mapping dialog opens.

4. Select NBAR2 from the list of rule types.

   The dialog switches to NBAR2 rule mode.

5. Specify values for the following settings:
   • NBAR2 Application ID: The application ID that is defined by the standard NBAR2 engine.

     Specify the application ID correctly or the rule does not function as expected. The application IDs are included in the nbar2.csv file in the following folder: <install_path>/reporter/racmd.

   • Destination Port: Target port that collects the mapped data

     If you specify a destination port that is already used by other rules, the traffic for the related rules will be combined.

     (Optional) Click Check to run a general check to detect whether the specified port is already receiving data. The check fails if the port is receiving native data--that is, data that is not mapped by application mapping rules. If any native data is on the specified destination port, that data is redirected to the rebase port.

   • Name: Identifier for the rule as it is listed on the Application Definitions page

     The rule name also is the label for the mapped traffic in certain reports. If other rules map traffic to the same destination port that you specify for this rule, specify the name that you want to use for the combined traffic.

   • Description: (Optional) Additional descriptive text to identify the rule type and its use, which is displayed only on the Application Definitions page

   Note: The NBAR2 Engine ID value is pre-populated and cannot be edited. The value is 13, the standard NBAR2 engine.

6. Click Save.

   The dialog closes. The new rule is added to the Application Mapping rule list. If any other rules map traffic to the same port and you specified a new rule name, the other rule names are updated.

7. (Optional) Run reports to verify that the traffic on the designated destination port fits the rule.
8. (Optional) Review the effects of the new or changed application mapping rules on reports, then consider renaming the rule to label the mapped traffic more clearly in reports.