NBAR not working

Unanswered Question
May 13th, 2009

We use the BitTorrent PDLM to block BitTorrent downloads, but after we implemented the command, BT is still working:

1. We downloaded the PDLM and copied it into bootflash:

GOV001#dir
Directory of bootflash:/

    1  -rw-     8103684  Jan 14 2000 07:22:27 +08:00  c7200-kboot-mz.124-12.bin
    2  -rw-        1752  May 13 2009 16:08:58 +08:00  kazaa2.pdlm
    3  -rw-        2377  May 13 2009 16:09:31 +08:00  gnutella.pdlm
    4  -rw-        3492  May 13 2009 16:10:14 +08:00  eDonkey.pdlm
    5  -rw-        3100  May 13 2009 16:10:51 +08:00  bittorrent.pdlm

2. NBAR ERROR messages were displayed after we entered the following commands:

ip nbar pdlm bootflash://bittorrent.pdlm
ip nbar pdlm bootflash://eDonkey.pdlm

GOV001(config)#ip nbar pdlm bootflash://bittorrent.pdlm
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table

SGKDHARGOV001(config)#ip nbar pdlm bootflash://eDonkey.pdlm
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table
% NBAR ERROR: protocol_list_index not found in map table

3. The following are the class-map and policy-map commands:

class-map match-any P2P
 match protocol bittorrent
 match protocol edonkey

policy-map dropP2P
 class P2P
  drop

interface GigabitEthernet0/1
 desc "internet facing"
 ip address x.x.x.x 255.255.255.252
 ip access-group anitspoof in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip nbar protocol-discovery
 duplex full
 speed 100
 media-type rj45
 no negotiation auto
 service-policy input dropP2P

After that, we use:

GOV001#sh ip nbar pr pr bittorrent

 GigabitEthernet0/1
                            Input                    Output
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5 minute bit rate (bps)  5 minute bit rate (bps)
   ------------------------ ------------------------ ------------------------
   bittorrent               698                      566
                            71612                    50985
                            1000                     1000
   unknown                  23383                    17875
                            1998977                  10357303
                            59000                    229000
   Total                    25688                    20547
                            2929115                  12001987
                            87000                    284000

We can see that NBAR matched BitTorrent packets, but it cannot drop them. Who can help me solve it?

Thanks in advance.
