Exam 400-101 Question id=983 Infrastructure Services

Which of the following commands should you issue to manually attach a traffic policy to an interface in an NBAR configuration?

A. class-map
B. policy-map
C. service-policy
D. ip nbar protocol-discovery
E. auto qos

You should issue the service-policy command to manually attach a traffic policy to an interface. Network Based Application Recognition (NBAR) is a Quality of Service (QoS) feature that classifies application traffic that flows through a router interface. You can use the Cisco IOS modular QoS command-line interface (MQC) to manually configure NBAR on a router or a switch. Before NBAR can classify any traffic, Cisco Express Forwarding (CEF) must be enabled on the router. CEF is enabled by default on Cisco routers. If CEF has been disabled by the no ip cef command, you can re-enable CEF by issuing the ip cef command.
There are three mandatory steps in a typical NBAR configuration:
1. Define a class map.
2. Configure a policy map.
3. Attach the policy map to an interface.
The first step in an NBAR configuration is to define a class map, also known as a traffic class. A class map is used to identify packets based on the parameters that you specify. Packets that match the parameters are considered to be part of a particular traffic class. You should issue the class-map command to create a class map and to place the router in class-map configuration mode. From class-map configuration mode, you can use match protocol statements to identify the traffic that should be discovered and classified by NBAR. For example, the command set below creates the class map named secure-shell, which identifies incoming Secure Shell (SSH) packets:
Router(config)#class-map secure-shell
Router(config-cmap)#match protocol ssh
Router(config-cmap)#exit

However, if an application or protocol has been configured to use nonstandard port numbers, you can issue the ip nbar port-map command to modify the NBAR configuration accordingly. For example, if SSH servers on the network are configured to listen on ports 22 and 2222, you should issue the ip nbar port-map ssh tcp 22 2222 command to modify the default NBAR port mapping for SSH.
Next, you should issue the policy-map command to configure a policy map and to enter policy-map configuration mode. A policy map ties a traffic class to a QoS policy and is used to define actions that are performed on packets identified in a particular class map. For example, the command set below creates a policy map named NBAR-policy and then specifies that any packets identified by the class map named secure-shell should be rate-limited to 128 Kbps:
Router(config)#policy-map NBAR-policy
Router(config-pmap)#class secure-shell
Router(config-pmap-c)#bandwidth 128
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Then you should issue the service-policy command from interface configuration mode to apply the QoS policy to a particular interface. A service policy can be applied in either the inbound or the outbound direction. For example, the command set below applies the service policy named NBAR-policy to the Serial1/0 interface in the inbound direction:
Router(config)#interface serial 1/0
Router(config-if)#service-policy input NBAR-policy
Router(config-if)#exit
The ip nbar protocol-discovery command can be issued from interface configuration mode to record traffic statistics based on packet content. Either or both inbound and outbound traffic can be monitored. To monitor only IPv4 traffic, you should issue the ip nbar protocol-discovery ipv4 command; to monitor only IPv6 traffic, you should issue the ip nbar protocol-discovery ipv6 command.
The auto qos command enables AutoQoS, which automatically configures QoS settings on an interface. However, if you have manually configured and attached a service policy to an interface by issuing the service-policy command, you cannot use AutoQoS to automatically configure QoS.
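
One way to check the three-step chain described above before a configuration is deployed, as an added example that is not part of the original explanation: the Python function below (audit_mqc, a hypothetical name) reads IOS-style configuration text and reports a policy-map class with no matching class map, a service-policy that names an undefined policy map, and an interface that combines auto qos with a manual service policy. The sample configuration is constructed, and the parser assumes running-config style indentation.

```python
# Constructed candidate config (not from the page). Two deliberate faults:
# the policy map names a class that was never defined, and Serial1/1
# carries AutoQoS together with a manually attached service policy.
SAMPLE = """\
class-map match-all secureshell
 match protocol ssh
policy-map NBAR-policy
 class secure-shell
  bandwidth 128
interface Serial1/0
 service-policy input NBAR-policy
interface Serial1/1
 auto qos voip
 service-policy output NBAR-policy
"""

def audit_mqc(config):
    """Return findings for broken class-map -> policy-map -> interface chains."""
    class_maps, policy_maps, interfaces = set(), {}, {}
    kind = name = None  # top-level block currently being read
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():  # unindented line opens a new block
            kind, name = words[0], words[-1]
            if kind == "class-map":
                class_maps.add(name)
            elif kind == "policy-map":
                policy_maps[name] = []
            elif kind == "interface":
                interfaces[name] = {"policies": [], "autoqos": False}
        elif kind == "policy-map" and words[0] == "class":
            policy_maps[name].append(words[1])
        elif kind == "interface" and words[0] == "service-policy":
            interfaces[name]["policies"].append(words[-1])
        elif kind == "interface" and words[:2] == ["auto", "qos"]:
            interfaces[name]["autoqos"] = True
    findings = []
    for pmap, classes in policy_maps.items():
        for cls in classes:
            if cls != "class-default" and cls not in class_maps:
                findings.append(f"policy-map {pmap}: class {cls} has no class-map")
    for intf, state in interfaces.items():
        for pmap in state["policies"]:
            if pmap not in policy_maps:
                findings.append(f"{intf}: service-policy {pmap} has no policy-map")
        if state["autoqos"] and state["policies"]:
            findings.append(f"{intf}: auto qos combined with manual service-policy")
    return findings
```

Calling audit_mqc(SAMPLE) returns two findings: the undefined class secure-shell in NBAR-policy and the AutoQoS conflict on Serial1/1.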