06-25-2007 12:49 PM - edited 03-03-2019 05:36 PM
Hi,
When i run the following command ion the 1841 router
sh ip nbar protocol-discovery top-n 20
I see napster along with unknown traffic.
The question is how can I disable outgoing napster traffic and how to determent unknown protocols being used from inside out.
Thank you for any help
06-25-2007 01:01 PM
Hi,
Here you are a method to block napster:
class-map match-any napster
match protocol napster
policy-map mark-napster
class napster
set dscp 1
interface FastEthernet0/0
service-policy input mark-napster
interface Serial1/0.1 point-to-point
ip access-group 103 out
access-list 103 deny ip any any dscp 1
access-list 103 permit ip any any
HTH,
Mohammed Mahmoud.
06-25-2007 01:17 PM
Hi ,
assuming that my LAN interface is fastethernet 0/0 and the 0/1 goes to the WAN.
I guess that in your case serial is the WAN.
all the rest should be as you have typed, correct?
Thanks
06-25-2007 06:34 PM
Yes, in your case the WAN link would be fa 0/1 where you will apply your policy-map.
The configuration suggested by mohammed does does marking at the input and uses an access-list at the output
If you want to drop the traffic, you can also police the napster traffic to the minimum value and drop it when this exceeds
policy-map mapster
class napster
police 8000 exceed-action-drop
HTH, rate if it does
Narayan
06-25-2007 11:02 PM
Hi,
Yes as Narayan has told you, your f0/1 would be the WAN link (instead of the serial in my case), and there are multiple ways to do it, and Narayan's example is another valid example.
HTH,
Mohammed Mahmoud.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide