Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Bittorent with 2801_NBAR

I have a 2801 router in my one of corporate office, which i have configured NBAR with MQC. I need to bloclk peer to peer application like bittorrent.

But router is not able to block bittorrent traffic, other peer to peer can block. version of bittorrent is 6.1.2 and IOS version is 12.411T4.

xxxx#sh policy-map int fa 0/0

Service-policy output: Block_P2P

Class-map: Block_P2P (match-any)

46481 packets, 5112152 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: protocol fasttrack

1120 packets, 73977 bytes

5 minute rate 0 bps

Match: protocol gnutella

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol kazaa2

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol edonkey

22098 packets, 2576056 bytes

5 minute rate 0 bps

Match: protocol winmx

1856 packets, 193880 bytes

5 minute rate 0 bps

Match: protocol bittorrent

0 packets, 0 bytes

5 minute rate 0 bps

drop

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Bittorent with 2801_NBAR

I believe the issue with bittorent traffic not being blocked will be because the specific pdlm for Bittorent does not include all the tcp ports which is used by the application.

As of 3.2 and later, apparently the range has been extended to 6881-6999. Can you run a 'show ip nbar port-map', is the range of tcp ports 6881 - 6889 listed? This is the range of ports using IOS 12.4(9)T.

As an alternative, you could create your own custom application which defines a different range of ports:-

ip nbar custom new_bittorent tcp range 6881 6999

You can then match this protocol within your policy-map instead of Bittorent.

Hope this helps

Allan.

Pls rate helpful posts.

1 REPLY

Re: Bittorent with 2801_NBAR

I believe the issue with bittorent traffic not being blocked will be because the specific pdlm for Bittorent does not include all the tcp ports which is used by the application.

As of 3.2 and later, apparently the range has been extended to 6881-6999. Can you run a 'show ip nbar port-map', is the range of tcp ports 6881 - 6889 listed? This is the range of ports using IOS 12.4(9)T.

As an alternative, you could create your own custom application which defines a different range of ports:-

ip nbar custom new_bittorent tcp range 6881 6999

You can then match this protocol within your policy-map instead of Bittorent.

Hope this helps

Allan.

Pls rate helpful posts.

124
Views
0
Helpful
1
Replies
CreatePlease to create content