NBAR is an advanced application recognition engine developed by Cisco that utilizes several classification techniques and has the ability to dynamically update its classification rules. It supports more than 1400 applications and sub-classifications, with less than 1% unknown and less than 1% unclassified encrypted traffic.
NBAR advantages over the traditional Meraki Traffic Analytics
Out-of-the-box visibility into more than 1400 applications running on a network
More granular Layer 7 and Traffic Shaping rules using enhanced visibility for applications
Well-established traffic classification engine used by many traditional Cisco products
Deep Packet Inspection
NBAR on MR access points provides better application visibility compared to a traditional Meraki Traffic Analytics and reduces the number of uncategorized applications such as Miscellaneous secure web.
Without NBAR you would see the following Application details.
Note categories like “Miscellaneous secure web” and “UDP” with groups multiple traffic flows into one category.
With NBAR enabled, you will notice a much more detailed view on the Application details page. For example:
Because NBAR allows MR access points to categorize more applications, it also allows admins to enforce more granular L7 firewall and traffic shaping rules, giving Meraki admins more flexibility into blocking and prioritizing the desired applications:
Note: Due to hardware limitations NBAR integration with MR access points is supported only on the 802.11ax (WiFi-6) access points and not supported on 802.11ac (WiFi-5) Wave 2 and previous generations of MR access points.
All MR access points in a network must be 802.11ax (WiFi-6) APs
A network firmware must be set to MR 27.1+ version *
The network type must be Wireless or Combined (MS - any switch models + MR - WiFi-6 APs only)
The network must not be a configuration template or be bound to a configuration template
* MR 27+ firmware is not supported on all MR models. Please refer to the to Product Firmware Version Restrictions
Since all MR access points in a network must be 802.11ax (WiFi-6) in order to support NBAR and ensure that Layer 7 and Traffic Shaping rules that are based on NBAR classification are uniformly enforced on all MRs in a network, currently, it's not allowed to add non-WiFi-6 MRs to a network that consists of only WiFi-6 MR with the network firmware set to MR 27.1+. You might run into this corner case if you are adding non-WiFi-6 MR(s) to a network that only has WiFi-6 MR(s) and running MR 27.1 + firmware. When you try to add non-WiFi-6 MR(s) to such network from your Inventory, a banner similar to the following will pop up:
Similarly, if you try to move non-WiFi-6 MR(s) to a network that only has WiFi-6 MR(s) and running MR 27.1 + firmware the following message will appear:
If you still wish to add or move non-WiFi-6 MR(s), please follow the steps below.
Warning: Following the steps below will remove any Layer 7 Firewall rules and/or Traffic Shaping rules that use application(s) categorized by NBAR from the dashboard if such rules are configured. These rules will no longer be enforced.
- Temporarily disable Traffic analysis from Network-wide > Configure > General page - Traffic analysis section. Change Traffic analysis option to Disabled: do not collect traffic types.
- Add non-WiFi-6 MR(s) to the network
- Re-enable Traffic analysis. Please note that NBAR will stay disabled in this network as long as non-WiFi-6 APs are present in the network.
If you would like to re-enable NBAR in this network please remove any non-WiFi-6 APs from the network.
After non-WiFi-6 APs are removed from the network and the network meets the rest of the NBAR requirements, Layer 7 Firewall rules and Traffic Shaping rules that use application(s) categorized by NBAR will be automatically restored if no changes have been made to these rules. Any changes made to the Layer 7 or Traffic Shaping rules while non-WiFi-6 APs have been present in the network will overwrite previously configured Layer 7 Firewall rules or Traffic Shaping rules that use NBAR.