Although Network Based Application Recognition (NBAR) can classify IP traffic, it cannot classify Internetwork Packet Exchange (IPX) traffic. Additionally, NBAR can classify unicast traffic, but it cannot classify multicast traffic.

NBAR enables a router to perform deep packet inspection for all packets that pass through an NBAR enabled interface. With deep packet inspection, an NBAR enabled router can classify traffic based on the content of a packet, not just the network header information.

Additionally, NBAR provides statistical reporting relative to each recognized application. For example, NBAR can be used to track bandwidth usage for each protocol type.

NBAR can classify traffic that uses Transmission Control Protocol (TCP), such as Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) traffic, and traffic that uses User
Datagram Protocol (UDP), such as Dynamic Host Configuration Protocol (DHCP) and Trivial File Transfer Protocol (TFTP) traffic. Additionally, NBAR can classify IP traffic that does notuse TCP or UDP, such as Generic Routing Encapsulation (GRE) and IP Security (IPSec) traffic. Not only can NBAR classify traffic that uses static port numbers, it can also classify traffic that uses dynamically assigned port numbers.

Before NBAR can classify any traffic, Cisco Express Forwarding (CEF) must be enabled on the router. CEF is enabled by default on Cisco routers. If CEF has been disabled by the no ip cef command, you can reenable CEF by issuing the ip cef command.

You can configure NBAR to classify inbound traffic on an interface by issuing the servicepolicy input command. Alternatively, you can configure NBAR to classify outbound traffic by issuing the service-policy output command.