05-22-2006 01:32 PM - edited 03-03-2019 12:47 PM
I have successfully blocked all file sharing software except LimeWire because there is no PDLM available on the Cisco site. From where can I fetch this PDLM? Please help in this regard.
05-25-2006 09:08 AM
You'll want to use the "ip nbar port-map" command. You discuss LimeWire which uses the Gnutella protocol. So to create your custom PDLM you'll do the following:
1) Create the custom port-map that matches Gnutella traffic:
ip nbar port-map custom-01 tcp 5634 6346 6347 6348 6349 6355
2) Add your custom protocol to the proper QoS class-map:
WAN_Router(config)# class-map BAD_P2P
WAN_Router(config-cmap)# match protocol custom-01
3) Edit your policing setting for the proper policy-map as necessary. Examples are available online or I can provide any if you need them.
05-26-2006 04:08 AM
Hi Wiluszm,
As I create my custom port-map for Gnutella traffic, an error shows that the respective ports are already mapped to Gnutella:
MyRouter(config)#ip nbar port-map custom-01 tcp 5634 6346 6347 6348 6349 6355
% NBAR Warning: gnutella is already mapped to - 5634
% NBAR Warning: gnutella is already mapped to - 6346
% NBAR Warning: gnutella is already mapped to - 6347
% NBAR Warning: gnutella is already mapped to - 6348
% NBAR Warning: gnutella is already mapped to - 6349
% NBAR Warning: gnutella is already mapped to - 6355
Because I have blocked the Gnutella P2P application through PDLM. As LimeWire is an application of Gnutella using the Gnutella resources, it is still not even blocked.
05-26-2006 04:13 AM
As these are matching ports (5634 6346 6347 6348 6349 6355) used by Gnutella (LimeWire also), so we can block through access-list. Will it work?
Thanks,
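On the access-list question above, an added example (not written by any poster in this thread): a port-only rule, whether an ACL or an `ip nbar port-map` entry, sees only TCP ports, while a payload signature looks at the first bytes of the stream. The flow records are constructed sample data, and the handshake prefixes are the Gnutella opening lines used here as a stand-in signature, not NBAR's actual PDLM logic.

```python
# Added example: compares port-only matching with a payload signature.
# All flow records are constructed sample data, not captured traffic.

# TCP ports quoted in the thread for Gnutella/LimeWire.
GNUTELLA_PORTS = {5634, 6346, 6347, 6348, 6349, 6355}

# Opening lines of the Gnutella handshake (connect request, 0.6 response).
# Assumption: used as an illustrative signature only.
HANDSHAKE_PREFIXES = (b"GNUTELLA CONNECT/", b"GNUTELLA/0.6 ")

SAMPLE_FLOWS = [
    {"id": "f1", "sport": 40211, "dport": 6346,   # Gnutella on a listed port
     "payload": b"GNUTELLA CONNECT/0.6\r\nUser-Agent: LimeWire\r\n\r\n"},
    {"id": "f2", "sport": 40212, "dport": 8080,   # Gnutella on an unlisted port
     "payload": b"GNUTELLA CONNECT/0.6\r\nUser-Agent: LimeWire\r\n\r\n"},
    {"id": "f3", "sport": 40213, "dport": 6347,   # other service on a listed port
     "payload": b"SSH-2.0-OpenSSH_4.3\r\n"},
    {"id": "f4", "sport": 40214, "dport": 80,     # ordinary web request
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
]

def match_by_port(flow):
    """What an ACL or port-map entry can decide on: the TCP ports alone."""
    return bool({flow["sport"], flow["dport"]} & GNUTELLA_PORTS)

def match_by_payload(flow):
    """What a payload signature decides on: the first bytes of the stream."""
    return flow["payload"].startswith(HANDSHAKE_PREFIXES)

def compare(flows):
    """List flows where the port rule and the payload signature disagree."""
    result = {"missed_by_port": [], "overblocked_by_port": []}
    for flow in flows:
        by_port, by_payload = match_by_port(flow), match_by_payload(flow)
        if by_payload and not by_port:
            result["missed_by_port"].append(flow["id"])
        elif by_port and not by_payload:
            result["overblocked_by_port"].append(flow["id"])
    return result

if __name__ == "__main__":
    print(compare(SAMPLE_FLOWS))
```
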
05-26-2006 08:01 AM
Hi there,
I have a little config that I put into Student Halls from time to time.... And it works well....
class-map match-any P2P
 match protocol fasttrack
 match protocol gnutella
 match protocol napster
 match protocol http url "\.hash=*"
 match protocol http url "/.hash=*"
 match protocol kazaa2
 match protocol bittorrent
 match protocol directconnect
 match protocol edonkey
 match protocol ftp
!
!
policy-map P2P
 class P2P
  police cir 8000 bc 1500 be 1500
   conform-action drop
   exceed-action drop
!
!
!
! Dialer0, or other external WAN interface
int Dialer0
 ip nbar protocol-discovery
 service-policy input P2P
 service-policy output P2P
!
!
!
! e0, or other internal LAN interface
int e0
 ip nbar protocol-discovery
 service-policy input P2P
 service-policy output P2P
!
Now.... as far as I'm aware this does not need an ACL configured.
show policy-map interface
will give you an idea of what packets are being dropped.
Hope this helps
Stephen
05-26-2006 08:09 AM
Ah... sorry, just had a look on the net and realised that the new LimeWire V4 is bypassing Cisco's NBAR. Although as a side note, LimeWire is based on the Gnutella protocol so the above NBAR list should stop most LimeWire activity.
See here
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455985.html
Hope this Helps
Thanks
Stephen
05-26-2006 12:27 PM
Hi Stephen,
The above configuration you sent I have already done, but it does not work. And the second link about custom PDLM also does not work. These ports are already mapped to Gnutella. But LimeWire is still unblocked.
Thanks,
06-30-2006 01:13 AM
Do these policies work on router-on-a-stick?
I mean, if a router is the default gateway for a LAN, and both incoming and outgoing traffic is on the same interface? I have this configured and I can see hits, but all bad applications still have access out.