CCIE Security Written Exam: NBAR Configuration for Matching RTP Payload Types

CCIE Security Exam: NBAR RTP Configuration

Prev Question Next Question


class-map nbar_rtp match protocol rtp payload-type "0, 1, 4 - 0x10, 10001b - 10010b, 64" The above NBAR configuration matches RTP traffic with which payload types?



Click on the arrows to vote for the correct answer

A. B. C. D.


The given class-map configuration is used for Network-Based Application Recognition (NBAR), which allows the network to identify and classify different types of network traffic based on various criteria such as protocols, port numbers, or payload types.

The configuration specifies the match criteria for RTP traffic with specific payload types. The payload type field in RTP is a 7-bit field that identifies the format of the RTP payload, such as audio or video encoding.

Let's break down the payload types specified in the configuration:

  • "0, 1, 4" match RTP payload types 0, 1, and 4
  • "0x10" matches RTP payload type 16 in hexadecimal format
  • "10001b - 10010b" matches RTP payload types 17 to 18 in binary format
  • "64" matches RTP payload type 64

Therefore, the class-map matches RTP traffic with the following payload types: 0, 1, 4, 16, 17, 18, and 64.

Based on this, the correct answer is (D) "0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 64". Answer (D) is incorrect because it includes payload types 5 to 14, which are not included in the class-map configuration. Answer (C) is incorrect because it includes payload types 19, which is not included in the configuration. Answer (B) is incorrect because it only includes payload types 0 to 10, which is not complete.