Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Blocking Kazaa2 NBAR

I have read post where people have been successful slowing down these file share programs with NBAR. I have configured this on our router. It doesn't work for whatever reason. Here is the config I'm using.

Cisco 7200 Router IOS version 12.2(11)T2

Policy Map StopP2P

Class P2P

police cir 8000 bc 1500 be 1500

conform-action drop

exceed-action drop

violate-action drop

Class Map match-any P2P (id 2)

Match protocol fasttrack

Match protocol gnutella

Match protocol kazaa2

I've tried the filetransfer * too. When I test it, I can view the Policy Map on the interface and I see some hits, but many of the downloads are far faster than 8000 bits.

Service-policy input: StopP2P

Class-map: P2P (match-any)

339 packets, 104200 bytes

30 second offered rate 1000 bps, drop rate 1000 bps

Match: protocol fasttrack

90 packets, 8338 bytes

30 second rate 0 bps

Match: protocol kazaa2

249 packets, 95862 bytes

30 second rate 1000 bps

Match: protocol gnutella

0 packets, 0 bytes

30 second rate 0 bps


cir 8000 bps, bc 1500 bytes, be 1500 bytes

conformed 316 packets, 73088 bytes; actions:


exceeded 7 packets, 9103 bytes; actions:


violated 16 packets, 22009 bytes; actions:


conformed 1000 bps, exceed 0 bps, violate 0 bps

Class-map: class-default (match-any)

651544 packets, 274779782 bytes

30 second offered rate 3416000 bps, drop rate 0 bps

Match: any

Any help would be greatly appreciated. Thanks.


Re: Blocking Kazaa2 NBAR

You could capture the output of "show pol int" to see if the kazaa2 packets are being classified. If you don't see any packets being classified, we need to find out if kazaa2 packets are getting to the router.

New Member

Re: Blocking Kazaa2 NBAR

Thanks for the reply. Actually, it is working and was when I started the thread. I didn't think it was working because sometimes I could get a download depending on which fileshare program I tried. Come to find out, the pdlm files are being updated by Cisco and should be released around this December. They are being updated to detect the new versions of Kazaa and Imesh. That's what I was told. So the NBAR is currently working as designed.

CreatePlease to create content