11-15-2008 05:06 AM - edited 03-04-2019 12:20 AM
I have a 2801 router in one of my corporate offices, on which I have configured NBAR with MQC. I need to block peer-to-peer applications like BitTorrent.
But the router is not able to block BitTorrent traffic; it can block other peer-to-peer applications. The version of BitTorrent is 6.1.2 and the IOS version is 12.411T4.
xxxx#sh policy-map int fa 0/0
Service-policy output: Block_P2P
Class-map: Block_P2P (match-any)
46481 packets, 5112152 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol fasttrack
1120 packets, 73977 bytes
5 minute rate 0 bps
Match: protocol gnutella
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol kazaa2
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol edonkey
22098 packets, 2576056 bytes
5 minute rate 0 bps
Match: protocol winmx
1856 packets, 193880 bytes
5 minute rate 0 bps
Match: protocol bittorrent
0 packets, 0 bytes
5 minute rate 0 bps
drop
11-15-2008 03:52 PM
I believe the issue with BitTorrent traffic not being blocked will be because the specific PDLM for BitTorrent does not include all the TCP ports which are used by the application.
As of 3.2 and later, apparently the range has been extended to 6881-6999. Can you run a 'show ip nbar port-map', is the range of tcp ports 6881 - 6889 listed? This is the range of ports using IOS 12.4(9)T.
As an alternative, you could create your own custom application which defines a different range of ports:-
ip nbar custom new_bittorent tcp range 6881 6999
You can then match this protocol within your policy-map instead of BitTorrent.
Hope this helps
Allan.
Pls rate helpful posts.
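The suggestion above, wired into the policy shown in the question, as an added configuration sketch that is not part of the original posts. It assumes the class-map and policy-map are both named Block_P2P and are applied outbound on FastEthernet0/0, as the `sh policy-map int fa 0/0` output indicates.

```cisco
! Added example, not from the original thread.
! Define the custom NBAR protocol from the reply (name and range as posted).
ip nbar custom new_bittorent tcp range 6881 6999
!
! Add the custom protocol to the existing match-any class.
! The existing "match protocol ..." lines stay in place; this appends one more.
class-map match-any Block_P2P
 match protocol new_bittorent
!
! The policy-map already drops everything the class matches
! (assumed from the "drop" action in the posted output).
policy-map Block_P2P
 class Block_P2P
  drop
!
! Already applied in the question's output; shown for completeness.
interface FastEthernet0/0
 service-policy output Block_P2P
!
! Verification:
!   show ip nbar port-map
!     - confirm which TCP ports the built-in bittorrent entry covers
!   show policy-map interface FastEthernet0/0
!     - the "Match: protocol new_bittorent" counters should start
!       incrementing when traffic in the configured range is seen
!
! Note: this custom protocol matches on TCP port only. A client configured
! to listen on a port outside 6881-6999 is not matched by it.
```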