Supported Devices and IOS Versions

Here is some of the more notable information about devices and IOS versions supporting NBAR:

NBAR was introduced in Cisco IOS Software Release 12.0(5)XE2 and initially supported the Cisco 7100 and 7200 series routers.
DNBAR was introduced with IOS releases 12.1(6)E, 12.2(4)T3, and 12.2(14)S. It supported the VIP-enabled Cisco 7500 series routers and Catalyst 6000 family switches with a FlexWAN module.
NBAR was introduced on the Cisco 800 series routers running IOS release 12.3 T.
Real-Time Protocol Payload Classification was added in IOS 12.2(8)T and 12.1(11b)E.
Dialer interfaces are supported since IOS release 12.2(4)T.
Matching beyond the first 400 bytes in a packet payload was not supported initially. IOS release 12.3(7)T removed this restriction, and NBAR now supports full payload inspection. The exception is that custom protocol traffic can be inspected for only the first 255 bytes of the payload.
NBAR-supported platforms include the Cisco 800 (12.3T), 1700, 2600, 2800, 3600, 3700, 3800, 7100 (12.0(5)XE2), 7100uBR, 7200 (12.0(5)XE2), 7200 uBR, 7300, 7500 (VIP), and Catalyst 6500 (with or without a FlexWAN card).
On the Catalyst 6500, NBAR support differs between the various supervisor cards:
- Sup2: traffic is sent to the control plane (MSFC), which bypasses hardware forwarding.
- Certain WAN modules such as the FlexWAN and SIP-200 support NBAR.
- The Sup720 and Sup32 do not support NBAR.
- The new Programmable Intelligent Services Adapter (PISA) supervisory card (sup32-PISA) integrates the functionality of the MSFC2a into the card. This card implements NBAR in hardware and enables Sup32 to support NBAR.