12-28-2005 12:25 AM - edited 03-03-2019 01:15 AM
Hi,
i'm trying to block peer2peer connections using NBAR on MSFC2.
nbar can recognize and monitor traffic but cannot be able to block it.
i started suspecting of msfc doesn't support blocking traffic with nbar.
6513 has hybrid CatOS/IOS
CatOS8.3(4) on SUP2
IOS 12.2(14)ZA7 on MSFC2
12-28-2005 12:45 AM
Hi
As per the supporting doc it says that NBAR is supported in MSFC2 with SUP1 or SUP2..
can you post out ur config which ur using up to block the P2P connections ?
regds
12-28-2005 01:05 AM
Hi,
_______________________________
!
ip nbar pdlm bootflash:bittorrent.pdlm
ip nbar pdlm bootflash:eDonkey.pdlm
ip nbar pdlm bootflash:gnutella.pdlm
ip nbar pdlm bootflash:kazaa2.pdlm
!
!
!
class-map match-any gnutella
match protocol gnutella
class-map match-any bittorrent
match protocol bittorrent
class-map match-any kazaa2
match protocol kazaa2
class-map match-any fasttrack
match protocol fasttrack
class-map match-any edonkey
match protocol edonkey
!
!
policy-map peer2peer
class edonkey
bandwidth percent 1 !!!!! no "drop" parameter is available, so i try to limit BW usage :(
class bittorrent
bandwidth percent 1
class fasttrack
police 8000 1500 1500 conform-action transmit exceed-action drop violate-action drop
class gnutella
police 8000 1500 1500 conform-action transmit exceed-action drop violate-action drop
class kazaa2
police 8000 1500 1500 conform-action transmit exceed-action drop violate-action drop
policy-map kazaa
!
interface vlan 3
service policy input peer2peer
______________________________________________
when i check for policy-map (sh policy-map interface vlan 3), if it matches any packet and police them, it seems nothing matches the policy-map, but i can see traffic with "sh ip nbar protocol-discovery".
also i tried to catch p2p traffic with a route-map and route them to interface null0, but "set interface null0" command is not available :))
______________________________________
if you could help i'll be appriciated
thanks
regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide