Skip to main content
Cisco Meraki

NBAR integration with MS390

Network Based Application Recognition (NBAR) is an advanced application recognition engine developed by Cisco that utilizes several classification techniques and has the ability to dynamically update its classification rules. It supports more than 1400 applications and sub-classifications, with less than 1% unknown and less than 1% unclassified encrypted traffic. 

NBAR advantages over the traditional Meraki Traffic Analytics

  • Out-of-the-box visibility into more than 1400 applications running on a network

  • Well-established traffic classification engine used by many traditional Cisco products

Use cases

  • NBAR on MS390 provides better application visibility compared to a traditional Meraki Traffic Analytics and reduces the number of uncategorized applications such as Miscellaneous secure web.


MS390 is the only supported platform for NBAR at the moment. NBAR is enabled by default in MS390. NBAR is used only for traffic analysis in a switch network.


Without NBAR you would see the following Application details.



Categories like “Miscellaneous secure web” and “UDP” with groups multiple traffic flows into one category. 


With NBAR enabled, you will notice a much more detailed view on the Application details page. For example:




A network consist of NBAR supported or non-supported platforms can still run NBAR and traffic analysis (TA) at the same time. For more clarity here are 2 examples

Ms390 (1).svg


For scenario1: Ingress traffic will only be classified in MS355 with regular TA. So users will not see detailed client traffic classification in this case. 


For scenario2: Ingress traffic will only be classified in MS390 with NBAR. Users will see detailed client traffic classification in this case. 

This is by design as Meraki switches shut-off sampling on switch ports that receive LLDP packets which identify the neighboring device as another Meraki switch in the same Dashboard network.

  • Was this article helpful?