Block P2P, iTunes, etc. at the switch level

julianunderwood · ‎02-20-2008

Dear Netpros, Does anyone know how to block things like iTunes sharing, P2P programs like Limewire at the switch level? We have this blocked at the router level, but we have people using bandwidth on the LAN which we would like to stop. Does anyone have any suggestions or could point me towards an article? These switches are 2950's and older. Many thanks!

Julian

ajagadee · ‎02-20-2008

It is going to be challenging to block P2P programs at the switch level. While you could apply ACL to the access ports, the entries are going to be static and not dynamic. Meaning, with the latest limewire software, it is my understanding that the download ports are random TCP Ports. So, with static ACL entries, its not possible to block these ports.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea2/configuration/guide/swacl.html

What you really need is NBAR like feature that will look for specific applications and then apply policy towards it. But, NBAR is more a router feature and not available on switches. So, at this time, other than Port ACL's, I dont think there is another option to prevent P2P Applications from communicating to each other. Also, this is only for static ports and not dynamic.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6612/ps6653/prod_qas09186a00800a3ded_ps6616_Products_Q_and_A_Item.html

Regards,

Arul

** Please rate all helpful posts **