Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1278
Views
5
Helpful
5
Replies

isr 4451 appx - why there is no policy-map "drop" command?

Ruslan Moldaliev
Level 1
Level 1

‎03-21-2016 11:00 AM - edited ‎03-05-2019 03:36 AM

hi there,

I'm trying to block torrents in my network and want to achieve this by next configuration:

Cisco_ISR(config)#class-map match-any ALL-P2P-PROTOCOLS
Cisco_ISR(config)# match protocol bittorrent

Cisco_ISR(config)#policy-map P2P- DROP

Cisco_ISR(config)#class ALL-P2P-PROTOCOLS

Cisco_ISR(config)#drop
Cisco_ISR(config)#interface gigabitEthernet 0/0
Cisco_ISR(config-if)#service-policy input P2P-DROP
thing is I can't apply "drop" command - and I don't know how to find whether it's licensing or platform issue.
thanks
Labels:
0 Helpful
5 Replies 5

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-21-2016 01:41 PM

What software version are you running on the 4451?

ps. You can't effectively stop P2P traffic anymore.  This only catches all the older clients.  The newer clients now all use random ports and encrypted traffic streams.

0 Helpful

Ruslan Moldaliev
Level 1
Level 1
In response to Philip D'Ath

‎03-22-2016 01:47 AM

hi Philip,

I'm running 3.13.2S and I believe it has 15.4(3)S4 version inside.

I just want to block usual bittorrent traffic for start, P2P needs additional investigation - thanks for the info.

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to Ruslan Moldaliev

‎03-22-2016 12:08 PM

I have an inkling in the back of my mind this might be related to the code version you are using.  Are you able to upgrade to something newer like 3.16.2S?

https://software.cisco.com/download/release.html?mdfid=284389362&catid=268437899&softwareid=282046477&release=3.16.2S&relind=AVAILABLE&rellifecycle=ED&reltype=latest

0 Helpful

Ruslan Moldaliev
Level 1
Level 1
In response to Philip D'Ath

‎03-23-2016 03:11 AM

uhmm, I'll try it and report back.

thanks for the suggestion.

0 Helpful

Ruslan Moldaliev
Level 1
Level 1
In response to Philip D'Ath

‎03-24-2016 03:45 AM

nope, it's not software version reason unfortunately. there is no such command even in suggested release by you. maybe command syntax was changed.

however I managed to block torrents in testing environment with the next configuration:

class-map match-any LIMIT-TOR
  match protocol bittorrent
  match protocol bittorrent-networking
  exit
  policy-map QOS-LIMIT-TOR-POLICY
  class LIMIT-TOR
  police cir 8000
  confirm-action drop
  exceed-action drop
  violate-action drop
  exit
  exit
  exit
  int gig 0/0/0
  ip nbar protocol-discovery
  service-policy output QOS-LIMIT-TOR-POLICY
  service-policy input QOS-LIMIT-TOR-POLICY

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card