Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to block torrent traffic using WLC AVC?

Hi,

We are trying to investigate ways of blocking torrent traffic on our WLANs and currently testing the AVC feature on a pair of 5500 WLCs running 7.4.100.

WLAN traffic is anchored from a "Campus" WLC to a "DMZ" WLC. An AVC profile was created on each WLC to Drop "bittorrent" and "encrypted bittorent" traffic and was applied on the WLANs.

A laptop was configured with 2 torrent clients (utorrent and bittorrent).

Following extensive testing we came up with the following results:

- The foreign WLC is not able to identify the applications running over the wireless traffic. AVC is properly running on the anchor WLC.

- When using the utorrent application, the anchor WLC was able to categorize the traffic as bittorrent traffic. On the other hand torrent traffic was not blocked and after downloading a 70MB file on the laptop, AVC reported only 500Kb of bit torrent traffic

- When using the bittorrent application, traffic was blocked successfully.

Has anybody been able to successfully block torrent traffic using this feature on a production network?

Are there any commands to identify the amount of packets denied by the AVC policy?

Thanks,

Theo

Everyone's tags (3)
9 REPLIES
Hall of Fame Super Gold

How to block torrent traffic using WLC AVC?

First of, try using 7.4.121.0 firmware and test again.

Cisco Employee

How to block torrent traffic using WLC AVC?

#AVC on guest anchor works, You'll only see the AVC info on the anchor. Foreign WLC AVC stats will show blank.

#open TAC case for troubleshooting in detail.

VIP Purple

Re: How to block torrent traffic using WLC AVC?

Hi

Here is the protocol list supported in NBAR2

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html

I can see "bittorrent", "encrypted-bittorrent", "bittorrent-networking" as recognised protocol in the list, but nothing for utorrent.

From WLC code 7.5 onwards you can update these protocol packs on your controller (see below for more detail)

http://www.cisco.com/en/US/docs/wireless/controller/technotes/7.5/AVC_dg7point5.html

Protocol pack 4.1.1 is the latest for 7.5 code. Here is the more information about it.

http://www.cisco.com/en/US/docs/wireless/controller/nbar2_prot_pack/4.1.1/b_nbar2_prot_pack_411.html

Latest protocol pack (pp-AIR-7.6-13-6.3.0.pack) is available for 7.6 code version if you would like to test it out.

HTH

Rasika

**** Pls rate all useful responses ****

New Member

How to block torrent traffic using WLC AVC?


Hi,

Is bittorrent the only protocol that is used for p2p torrent file sharing?

Do you believe it is worth blocking traffic upstream using another device (FW, IPS etc) in order to offload the WLC?

Unfortunately for the time being we can only use 7.4.100

Thanks,

Theo

VIP Purple

How to block torrent traffic using WLC AVC?

Hi Theo,

Yes, if you have a mechanism to block these sort of thing using another device, I would go for it. Then you can do this to both your wired & wireless traffic at one place.

If you want to do something, only for wireless traffic then AVC is a good choice.

HTH

Rasika

**** Pls rate all useful responses ****

New Member

Hello Manannalage, What's the

Hello Manannalage,

 

What's the difference between bittorrent, encrypted-bittorrent et bittorrent-networking ?

I often see bittorrent on the top 10 of the applications on 1 of our WLC, but i'm always wondering if that means utorrent, or something else which could slow the network...

 

Regards,

AL

New Member

How to block torrent traffic using WLC AVC?

Hi Tsak,

I would personally block Bittorrent using a Firewall upstream. The main reason for this is that BT is a little trickier to block than regular data (https://supportforums.cisco.com/thread/2163045)

For this reason it makes sense to me to move the task of blocking it up to the Firewall.

Other advantages are that I find that firewalls are generally easier to configure and it offloads that cpu work from your WLC.

The main disadvantage is that any security expert or best practice would tell you to block unwanted traffic as close to the source as possible.


New Member

How to block torrent traffic using WLC AVC?

Hi All,

I am facing a similar situation with Anchor Controller Wireless Network for Guest Access. We want to block application similar to one listed.

Issues

1 - Unfortunately, a single WLAN can only accomodate 32 rules. Is there any possible solution to deal more application rules.

2. I have configured the AVC profile on the Controller in DMZ and applied to the Guest wLAN. But configuring AVC profile and enablng on the Foreign controller Guest wLAN did not drop the applications. Any comments on what is the best practices for this scenario.

Thanks

AJ

Cisco Employee

As you are using 5500

As you are using 5500 controller so better use firmware >=7.5 and use NBAR2 OR you can also use AVC.

BUT the best practice is to offload the workload from controller and use FW. As torrrent blocking need deep packet inspection and controller is not the best in blocking such traffic efficiently.

 

 

 

3802
Views
10
Helpful
9
Replies
CreatePlease login to create content