Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QOS Problems

I have noticed that one of our wan links has a great deal of traffic from winmx and edonkey. I tried to add an entry to the existing policy map to police that type of traffic; however, whenever I do this the office on the other side of the wan link cannot access the internet (all internet access from that office comes through this link to reach the internet). Following is the policy map, etc. that applies to the link. Whenever I put in the hogs statement, the internet is not accessible. I would appreciate someone letting me know what I have done wrong--this is new to me so I will not take any offense on my stupidity!

class-map match-any hogs

match protocol winmx

match protocol edonkey

class-map match-all webapps

match access-group name webapps

class-map match-all rdp

match access-group name rdp

policy-map scum

class hogs

police cir 8000 bc 1500 be 1500

conform-action drop

exceed-action drop

class webapps

bandwidth 256

class rdp

bandwidth 128

class class-default


interface Serial1/0

bandwidth 768

ip address

ip nbar protocol-discovery

serial restart-delay 0

no dce-terminal-timing-enable

no cdp enable

service-policy output scum

ip access-list extended rdp

permit tcp any any eq 3389

permit tcp any any eq telnet

ip access-list extended webapps

permit ip host any

permit ip host any

permit ip host any

permit ip host any

permit ip host any

permit ip host any

permit ip host any


Re: QOS Problems


Though its bit difficult to conclude precisely at this time without the sho policy map output, however the most striking point to me is the ACL WebApps.

Infact the ACLs hogs and webapps are contradicting each other, i.e. in Hogs you are trying to classify at the Transport Layer but in the Webapps you are classing at the Network Layer.

Hence the first step towards the trouble shooting must be to bring everyone on either at the L-3 or at the L-4 e.g.

you may specify:

permit tcp host any port eq www

permit tcp host any port eq https

permit tcp host any port eq ftp

permit tcp host any port eq smtp

permit tcp host any port eq pop3

I hope that should bring the issue to a halt.

Kind Regards,

Wilson Samuel

New Member

Re: QOS Problems


I see you have configured the policies to drop all "hogs" traffic, which includes the "edonkey" and "winmx" protocols.

I believe those protocols are user defined protocols, so it seems the problem is in the definition of those protocols, probably they are covering other traffic than just the one used by edonkey and winmx.

In my opinion its very difficult or impossible to identify edonkey traffic as it uses random ports unless you have some way to do traffic shaping, but there is already some edonkey clients that use protocol obfuscation that intentionally fool the traffic shaping technics.

But the prblem of droping legitimate traffic is for sure in the definition of those "hogs" protocols.

My solution for dropping all undesired traffic was to permit only traffic for well known and legitimate applications like www, smtp etc. and deny all other traffic, and also impose the use of a internal proxy for web surfing that not only optimises the bandwidth usage but also solves the problem of some unusual ports used by some www sites, then you can also close the outgoing tcp port 80 except from your proxy server as all clients should browse the web using the proxy, because I saw already some edonkey clients that use the tcp port 80 in an attempt to fool the firewall.


New Member

Re: QOS Problems

Thanks; I think we just realized that the port Cisco identifies as edonkey may be something entirely different. Probably the same thing for winmx also.

Re: QOS Problems

HI cmorley, [Pls Rate if Helps]

How to Block Skype / P2P & identify Top 10 Bandwidth Eating Applications:


IOS Support:version 12.4 (4) T

edonkey can be blocked in a similar way as we use to block kazza,limewire and other p2p applications.

Example:- (for skype packets):

NBAR configuration to drop Skype packets

class−map match−any p2p

match protocol skype

policy−map block−p2p

class p2p


int FastEthernet0

description PIX−facing interface

service−policy input block−p2p

If you are unsure about the bandwidth eating applications being used in your organisation. you can access the interface connected to the Internet and configure following command:

ip nbar protocol-discovery.

This will enable nbar discovery on your router.

Use following command:-

show ip nbar protocol-discovery stats bit-rate top-n 10

it will show you top 10 bandwidth eating applications being used by the users. Now you will be able to block/restrict traffic with appropriate QoS policy.

we can also use ip nbar port-map command to look for the protocol or protocol name, using a port number or numbers other than the well-known Internet Assigned Numbers Authority (IANA)-assigned) port numbers.

Usage as per cisco:-

ip nbar port-map protocol-name [tcp | udp] port-number

Up to 16 ports can be specified with this command. Port number values can range from 0 to 65535


Best Regards,

Guru Prasad R