Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
333
Views
0
Helpful
1
Replies

Bittorent with 2801_NBAR

Go to solution
ajinc
Level 1
Level 1

‎11-15-2008 05:06 AM - edited ‎03-04-2019 12:20 AM

I have a 2801 router in my one of corporate office, which i have configured NBAR with MQC. I need to bloclk peer to peer application like bittorrent.

But router is not able to block bittorrent traffic, other peer to peer can block. version of bittorrent is 6.1.2 and IOS version is 12.411T4.

xxxx#sh policy-map int fa 0/0

Service-policy output: Block_P2P

Class-map: Block_P2P (match-any)

46481 packets, 5112152 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: protocol fasttrack

1120 packets, 73977 bytes

5 minute rate 0 bps

Match: protocol gnutella

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol kazaa2

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol edonkey

22098 packets, 2576056 bytes

5 minute rate 0 bps

Match: protocol winmx

1856 packets, 193880 bytes

5 minute rate 0 bps

Match: protocol bittorrent

0 packets, 0 bytes

5 minute rate 0 bps

drop

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
allan.thomas
Level 8
Level 8

‎11-15-2008 03:52 PM

I believe the issue with bittorent traffic not being blocked will be because the specific pdlm for Bittorent does not include all the tcp ports which is used by the application.

As of 3.2 and later, apparently the range has been extended to 6881-6999. Can you run a 'show ip nbar port-map', is the range of tcp ports 6881 - 6889 listed? This is the range of ports using IOS 12.4(9)T.

As an alternative, you could create your own custom application which defines a different range of ports:-

ip nbar custom new_bittorent tcp range 6881 6999

You can then match this protocol within your policy-map instead of Bittorent.

Hope this helps

Allan.

Pls rate helpful posts.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
allan.thomas
Level 8
Level 8

‎11-15-2008 03:52 PM

I believe the issue with bittorent traffic not being blocked will be because the specific pdlm for Bittorent does not include all the tcp ports which is used by the application.

As of 3.2 and later, apparently the range has been extended to 6881-6999. Can you run a 'show ip nbar port-map', is the range of tcp ports 6881 - 6889 listed? This is the range of ports using IOS 12.4(9)T.

As an alternative, you could create your own custom application which defines a different range of ports:-

ip nbar custom new_bittorent tcp range 6881 6999

You can then match this protocol within your policy-map instead of Bittorent.

Hope this helps

Allan.

Pls rate helpful posts.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card