I've talked about using Cisco
<acronym title="Network-Based Application Recognition">NBAR
</acronym> frequently (check the Related Posts section below for more articles). One thing I've never pointed out is that not all versions of Cisco
<acronym title="Internetwork Operating System">IOS
</acronym> come with all protocol descriptions built in.
The process is really quite simple. Cisco makes updated Protocol Description Language Modules (PDLMs) available via their web site. A CCO login is required. These modules include not only known
<acronym title="Transmission Control Protocol">TCP
<acronym title="User Datagram Protocol">UDP
</acronym> port information for these protocols, but the necessary deep packet inspection information that allows IOS to recognize protocols that do not always use particular ports.
Once you've downloaded the PDLM file (it comes zipped up with a Readme
<acronym title="Portable Document Format">PDF
</acronym>), put it somewhere that is accessible by your router. I use
<acronym title="Trivial File Transmission Protocol">TFTP
</acronym>, but there are plenty of options available depending on which version of IOS you are using. Copy the PDLM file onto your router's flash. For me, this was as easy as
copy tftp://tftp/directconnect.pdlm flash:
Once that's done, you'll need to let IOS know where to find the new protocol description.
ip nbar pdlm flash:directconnect.pdlm
Obviously, you'll need to account for system differences when running your commands, but the general procedure is the same on all platforms. These particular commands were run on a Cisco 3725 router.
Even if your version of IOS has all the PDLMs you need built in, you should keep an eye out for any updates that Cisco makes available. As protocols evolve and change, the PDLM will too.