Network Based Application Recognition (NBAR) is an advanced application recognition engine developed by Cisco that utilizes several classification techniques and has the ability to dynamically update its classification rules. It supports more than 1400 applications and sub-classifications, with less than 1% unknown and less than 1% unclassified encrypted traffic.
NBAR advantages over the traditional Meraki Traffic Analytics
Out-of-the-box visibility into more than 1400 applications running on a network
Well-established traffic classification engine used by many traditional Cisco products
NBAR on MS390 provides better application visibility compared to a traditional Meraki Traffic Analytics and reduces the number of uncategorized applications such as Miscellaneous secure web.
MS390 is the only supported platform for NBAR at the moment. NBAR is enabled by default in MS390. NBAR is used only for traffic analysis in a switch network.
Without NBAR you would see the following Application details.
Categories like “Miscellaneous secure web” and “UDP” with groups multiple traffic flows into one category.
With NBAR enabled, you will notice a much more detailed view on the Application details page. For example:
A network consist of NBAR supported or non-supported platforms can still run NBAR and traffic analysis (TA) at the same time. For more clarity here are 2 examples
For scenario1: Ingress traffic will only be classified in MS355 with regular TA. So users will not see detailed client traffic classification in this case.
For scenario2: Ingress traffic will only be classified in MS390 with NBAR. Users will see detailed client traffic classification in this case.
This is by design as Meraki switches shut-off sampling on switch ports that receive LLDP packets which identify the neighboring device as another Meraki switch in the same Dashboard network.