04-20-2008 12:22 AM - edited 03-09-2019 08:32 PM
hi all,
I configured NBAR to block all peer-peer softwares which comes under fasttrack and Gnutella. It is blocking some of the peer-peer softwares. But its not blocking Limewire which falls under Gnutella. Is there any way to block this?
Regds
Savad
04-25-2008 05:35 AM
Yes, I think NBAR currently does not support Limewire classification. Another way you can block TCP/UDP ports 6346, 6347 to drop significant Limewire packets.
04-26-2008 08:58 PM
thanks owillins
04-27-2008 12:25 PM
HI Muhammed, [Pls Rate if HELPS]
Cisco IOS version 12.4(4)T introduced the much awaited Skype classification in NBAR. Now, with simple policy you can block Skype in much the same way as you used to block kazza, limewire, and other p2p applications.
Example:
=========
NBAR configuration to drop Skype packets
class "map match" any p2p
match protocol skype
policy "map block" p2p
class p2p
drop
int FastEthernet0
description PIX "facing interface service"
policy "input block" p2p
If you are unsure about the bandwidth-eating applications being used in your organization, you can access the interface connected to the Internet and configure using the following command:
"ip nbar protocol-discovery"
This will enable nbar discovery on your router.
If you use the following command:
"show ip nbar protocol-discovery stats bit-rate top-n 10"
It will show you the top 10 bandwidth-eating applications being used by the users. Now, you will be able to block/restrict traffic with appropriate QoS policy.
You can also use "ip nbar port-map" command to look for the protocol or protocol name using a port number or numbers other than the well-known Internet Assigned Numbers Authority (IANA)-assigned port numbers.
Usage as per Cisco:
====================
"ip nbar port-map protocol-name [tcp | udp] port-number"
Up to 16 ports can be specified with the above command. Port number values can range from 0 to 65535.
Note: New PDLMs may have to be loaded to match more recent versions of some protocols.
Hope I am Informative.
Pls RATE if HELPS
Best Regards,
Guru Prasad R
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: