Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WLC AVC not blocking all Bittorrent

We recently started relying on the 5508 AVC capability to block Bittorrent, which it seems to do fairly well. But… we are getting an increasing number of take-down notices where Bittorrent was used to do something, but drilling into the data in PI shows that nothing was detected by the WLC  for the activity that led to the take-down. In other words, the system doesn’t see the Bittorrent activity.

We have all three Bittorrent protocols in use (Bittorrent/encrypted/network), and can tell that most Bittorrent is indeed being blocked. But what is getting by is probably sufficient enough that we may have to abandon the WLC P2P strategy and go back to an appliance. Has anyone been through this, and found anything else to add to the profile to help stem the Bittorrent? (We also have the obvious ones like eDonky, etc) We're on controller code 7.6.110 and the latest Protocol Pack for our WLC version.

 

Thanks-

 

Lee

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hi, For 7.6...we have 6.4 PP

Hi,

 

For 7.6...we have 6.4 PP available on CCO. Can you check your PP version:

> show avc protocol-pack version

check if its really 6.4.

The most updated PP on CCO is PP 11 which is for 8.0. I had a chance to check this PP11 and it was able to block even encrypted traffic For example https to youtube.

 

Regards

Dhiresh

10 REPLIES
Hall of Fame Super Gold

Lee,  Try using 7.6.130.0.

Lee, 

 

Try using 7.6.130.0.

New Member

Hi Leo,It's the same Protocol

Hi Leo,

It's the same Protocol Pack either way. Are you saying there is something about 7.6.130 known to work better in this regard?

 

Thanks-

 

Lee

Hall of Fame Super Gold

7.6.130.X is suppose to fix a

7.6.130.X is suppose to fix a lot of issues with the earlier versions of 7.6.X.X.

New Member

I don't see blocking

I don't see blocking bittorrent among them...

Cisco Employee

Hi ,The issue is that it

Hi ,

The issue is that it frequently changes signature. So needs special handling.The bug marked above is correct.

There is no solution on 7.6. You will have to wait for the bug resolution. In 8.0 engine is changed and the PP too , but testing still needs to be done if it would be able to block this in all the conditions.

So I will say..no in 7.6..might be in 8.0...and the best way is to tune to this bug.

 

Regards

Dhiresh

Please rate helpful posts

 

 

Cisco Employee

Hi, For 7.6...we have 6.4 PP

Hi,

 

For 7.6...we have 6.4 PP available on CCO. Can you check your PP version:

> show avc protocol-pack version

check if its really 6.4.

The most updated PP on CCO is PP 11 which is for 8.0. I had a chance to check this PP11 and it was able to block even encrypted traffic For example https to youtube.

 

Regards

Dhiresh

New Member

I inadvertently selected

I inadvertently selected "Correct Answer", as this is not really helpful.

Dhiresh, not sure how one check's to see "if it's really 6.4" beyond reading version from the WLC after installing it. I understand that 11 is the most current PP for version 8, but as I mentioned we are not on 8 and updating our large environment is not trivial and can't be done for a few months for a number of reasons (including being stuck in PI Hell on 1.4).

I too can block encrypted https and youtube- the question is specifically about Bittorrent and nothing else.

 

Cisco Employee

AVC profile not able to block

AVC profile not able to block Bit Torrent traffic
CSCuq20950
New Member

Thanks, mohanak. I can't find

Thanks, mohanak. I can't find a link for that just searching CCO- can you provide any details?

VIP Purple

https://tools.cisco.com

https://tools.cisco.com/bugsearch/bug/CSCuq20950

Symptom:
If we create an AVC profile in the WLC to drop the traffic for bittorrent, Kazaa2 and edonkey , the traffic still goes through.

Conditions:
>> Create an AVC profile on the WLC.
>> Set the rule:
application group = File sharing
application = edonkey, kazaa2 and bittorrent
Action = drop

Workaround:
.
Further Problem Description:
None

 

Known Affected Releases:
(1)
7.6(120.0)
 
622
Views
13
Helpful
10
Replies
CreatePlease to create content