Cisco IOS version 12.4(4)T introduced the much awaited Skype classification in NBAR. Now, with simple policy you can block Skype in much the same way as you used to block kazza, limewire, and other p2p applications.
If you are unsure about the bandwidth-eating applications being used in your organization, you can access the interface connected to the Internet and configure using the following command:
"ip nbar protocol-discovery"
This will enable nbar discovery on your router.
If you use the following command:
"show ip nbar protocol-discovery stats bit-rate top-n 10"
It will show you the top 10 bandwidth-eating applications being used by the users. Now, you will be able to block/restrict traffic with appropriate QoS policy.
You can also use "ip nbar port-map" command to look for the protocol or protocol name using a port number or numbers other than the well-known Internet Assigned Numbers Authority (IANA)-assigned) port numbers.
Up to 16 ports can be specified with the above command. Port number values can range from 0 to 65535.
New PDLMs may have to be loaded to match more recent versions of some protocols.
To receive the latest information on Cisco online tools, certifications, support documentation, insights from Cisco experts and peers, and upcoming events, check out the Cisco Technical Services Newsletter today.
I'm trying to create a custom syslog policy to get notified when certain interfaces go up/down. It seems you can only create policies based on facility, severity, and mnemonic fields. So I created a policy that looks like:Facility contains LINKMnemon...
Listen: https://smarturl.it/CCRS8E37Follow us: twitter.com/ciscochampionSometimes, situations require temporary fixes. Sometimes, the network becomes an afterthought in overall office design and planning. In either situation, it may require netw...
Hello I am trying to configure a Cisco C111-8P and ran into several questions:1. Checking open ports on the router from the Internet using nmap shows that ports 53, 80 and 443 are open.How can you block them for access from the external network, so t...