Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
331
Views
0
Helpful
2
Replies

6513 MSFC2 & NBAR

Odissefs
Level 1
Level 1

‎12-28-2005 12:25 AM - edited ‎03-03-2019 01:15 AM

Hi,

i'm trying to block peer2peer connections using NBAR on MSFC2.

nbar can recognize and monitor traffic but cannot be able to block it.

i started suspecting of msfc doesn't support blocking traffic with nbar.

6513 has hybrid CatOS/IOS

CatOS8.3(4) on SUP2

IOS 12.2(14)ZA7 on MSFC2

Labels:
0 Helpful
2 Replies 2

spremkumar
Level 9
Level 9

‎12-28-2005 12:45 AM

Hi

As per the supporting doc it says that NBAR is supported in MSFC2 with SUP1 or SUP2..

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455985.html#wp1088439

can you post out ur config which ur using up to block the P2P connections ?

regds

0 Helpful

Odissefs
Level 1
Level 1
In response to spremkumar

‎12-28-2005 01:05 AM

Hi,

_______________________________

!

ip nbar pdlm bootflash:bittorrent.pdlm

ip nbar pdlm bootflash:eDonkey.pdlm

ip nbar pdlm bootflash:gnutella.pdlm

ip nbar pdlm bootflash:kazaa2.pdlm

!

!

!

class-map match-any gnutella

match protocol gnutella

class-map match-any bittorrent

match protocol bittorrent

class-map match-any kazaa2

match protocol kazaa2

class-map match-any fasttrack

match protocol fasttrack

class-map match-any edonkey

match protocol edonkey

!

!

policy-map peer2peer

class edonkey

bandwidth percent 1 !!!!! no "drop" parameter is available, so i try to limit BW usage :(

class bittorrent

bandwidth percent 1

class fasttrack

police 8000 1500 1500 conform-action transmit exceed-action drop violate-action drop

class gnutella

police 8000 1500 1500 conform-action transmit exceed-action drop violate-action drop

class kazaa2

police 8000 1500 1500 conform-action transmit exceed-action drop violate-action drop

policy-map kazaa

!

interface vlan 3

service policy input peer2peer

______________________________________________

when i check for policy-map (sh policy-map interface vlan 3), if it matches any packet and police them, it seems nothing matches the policy-map, but i can see traffic with "sh ip nbar protocol-discovery".

also i tried to catch p2p traffic with a route-map and route them to interface null0, but "set interface null0" command is not available :))

______________________________________

if you could help i'll be appriciated

thanks

regards

0 Helpful
Customers Also Viewed These Support Documents