02-19-2007 04:43 PM
I'm using IOS 12.3 and I want to block p2p traffic in my network and block extensions in schedule mode?
02-21-2007 01:33 AM
The IOS was designed to forward traffic, not to block traffic. It cannot filter at an application layer.
A firewall is designed to block traffic. It can look a lot deeper into the packets, even into the applications and sessions running.
A router can block a class of traffic that it can capture in an access list (ACL).
There is no ACL that covers all p2p traffic, in fact most p2p notice that their default ports are blocked and switch to a "dynamic" mode.
You had better try a reversed approach.
Find out what type of traffic is used by your business.
Then you put in place Quality Of Service and assign the business traffic the best quality, leaving just best effort for the p2p.
This will ensure that the p2p traffic can't affect your business traffic, as the business traffic will be prioritized by the router.
And it's always good to know what traffic is making $$$ for your company. How can you support the business if you don't know what type of traffic they use?
Cheers,
Michel
02-21-2007 09:43 AM
Is there any way to close p2p ports?
At least limit its bandwidth?
And how can I block downloading specific extensions?
02-21-2007 02:00 PM
Here is some info about NBAR:
http://www.cisco.com/en/US/products/ps6616/products_qanda_item09186a00800a3ded.shtml
02-21-2007 04:43 PM
Thanks, but I still don't know how to do it.
02-21-2007 04:47 PM
What are the devices you are talking about?
Are you wanting to shut down a port? An interface?
In my understanding point-to-point is a method where 2 devices are connected. Either directly, or over a WAN connection.
What do you have?
02-21-2007 09:09 PM
Hi friend,
You will seldom get out-of-the-box solutions for your problem. The hint with NBAR should lead you to QoS, since NBAR is a feature implemented in QoS.
Starting from here:
http://www.cisco.com/en/US/products/ps6616/products_ios_protocol_group_home.html
and searching in these few pages leads you to
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455985.html
Now it is up to you. Read it, implement it and fine-tune it.
Network management is a time-exhausting thing and for each new feature you have to read about the technical backgrounds.
Best regards,
Frank
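A sketch of the NBAR-plus-QoS configuration that the linked guides describe, added here as an example and not taken from any poster in this thread. It assumes an IOS image with NBAR support (not established for the 827 in this thread); the interface, class and policy names, the policing rate and the extension list are placeholders.

```cisco
! Added example, not from the thread. Interface name, class/policy names,
! the 8 kbit/s rate and the extension list are assumptions.
! The "match protocol" keywords available depend on the IOS release and on
! any PDLM files loaded; check with "match protocol ?" on the router.
ip cef
!
! Class 1: p2p applications that NBAR recognizes by signature.
class-map match-any P2P
 match protocol fasttrack
 match protocol gnutella
 match protocol kazaa2
 match protocol edonkey
!
! Class 2: HTTP requests whose URL ends in a listed extension.
class-map match-any BLOCKED-EXT
 match protocol http url "*.exe"
 match protocol http url "*.mp3"
!
policy-map LAN-IN
 ! Limit recognized p2p to a trickle instead of fighting port hopping.
 class P2P
  police 8000 conform-action transmit exceed-action drop
 ! Drop the HTTP requests for the listed extensions.
 class BLOCKED-EXT
  drop
!
! LAN-facing interface: client requests enter the router here.
interface Ethernet0
 ip nbar protocol-discovery
 service-policy input LAN-IN
!
! Verify what NBAR classifies and how each class is treated:
!   show ip nbar protocol-discovery
!   show policy-map interface Ethernet0
```

Traffic that NBAR does not recognize falls into class-default and is forwarded unchanged, so the per-class counters from the two show commands are the check that the classes actually match.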
02-25-2007 10:31 AM
I'm using an 827 SOHO with IOS 12.3.
I don't think it's not compatible with NBAR.
Is it?
Are there any simple steps to block p2p or to filter it
and block specific extensions?
02-26-2007 05:40 PM
Some problems are better solved with policies/procedures and not technology per se. P2p, instant messaging, rogue voice (e.g. Skype) have all been designed to avoid/evade firewalls. If you have even just ONE open port out to the Internet, these programs will find a way out.
Better to have management issue an edict stating "thou shalt not use
03-05-2007 03:51 AM
The best way to block the P2P traffic and stop downloading some specific extensions is to configure CBAC (Context based access list) on your Cisco routing box.
Rate the post if it works out in your case.