I already tried this class map but limewire is still able to download....

I'm dealing with the same issue:

NBAR protocol-discovery SEES gnutella traffic but it never DROPS it per the policy.

I'll be watching this post to see if a solution presents itself.

I got this config on my fa0/0 but lime wire still able to download...........any ideas...

class-map match-any sdm_p2p_kazaa

match protocol fasttrack

match protocol kazaa2

class-map match-any sdm_p2p_edonkey

match protocol edonkey

class-map match-any sdm_p2p_gnutella

match protocol gnutella file-transfer "*

class-map match-any sdm_p2p_bittorrent

match protocol bittorrent

!

!

policy-map sdmappfwp2p_AM-firewall

class sdm_p2p_edonkey

drop

class sdm_p2p_gnutella

drop

class sdm_p2p_kazaa

drop

class sdm_p2p_bittorrent

drop

Answered here:-

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&topicID=.ee6e1fa&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc1b25a

HTH>

It seems from the previous posts NBAR is in use to achieve the aim of blocking or dropping Limewire traffic. The issue I/we have arrived at is that NBAR sees the traffic (at least in my case) but doesn't drop it per the policy map. From my router this AM I see this:

show ip nbar protocol-discovery

gnutella Byte count in 1235245 Byte count out 52201940

show policy-map (on the interface in use)

Match: protocol gnutella file-transfer "*"

0 packets, 0 bytes

5 minute rate 0 bps

I'm still trying to use NBAR to Drop gnutella file-transfer traffic. Sadly this still isn't happening, here is the config to class and drop; any suggestions on this config?

class-map match-any Crap

match protocol bittorrent

match protocol edonkey

match protocol gnutella file-transfer "*"

match protocol fasttrack file-transfer "*"

match protocol h323

!

!

policy-map drop-Crap

class Crap

drop

interface FastEthernet0/0

***

service-policy input drop-Crap

Thoughts?

Thanks