05-19-2015 11:47 PM - edited 03-05-2019 01:30 AM
Hi All,
I want to configure service limitation for torrent traffic. I did the configuration, but it is still not working: when I try to download files with torrent software, they still download. Please see attached!
I am using Cisco Router 2901 with IOS version - c2900-universalk9-mz.SPA.154-3.M2.bin
I have done the following configuration:
class-map match-all torrent
 match protocol bittorrent
class-map match-all torrent1
 match protocol bittorrent
class-map match-all SASA
 match protocol gnutella
policy-map SERVICE.LIMITATION.FROM.WAN
 class torrent
  drop
 class SASA
  drop
policy-map SERVICE.LIMITATION.FROM.LAN
 class torrent1
  drop
 class SASA
  drop
interface GigabitEthernet0/0
 description Outside
 ip address 10.48.x.y 255.255.255.0
 ip access-group VOIP in
 ip nbar protocol-discovery ipv4
 ip tcp adjust-mss 1350
 load-interval 30
 duplex auto
 speed auto
 service-policy input SERVICE.LIMITATION.FROM.WAN
end
interface GigabitEthernet0/1
 ip address 192.168.x.y 255.255.255.0
 ip nbar protocol-discovery ipv4
 ip flow ingress
 duplex auto
 speed auto
 service-policy input SERVICE.LIMITATION.FROM.LAN
end
Thank you in advance!
05-20-2015 11:54 PM
Guys, do you have any ideas how to solve this issue?
05-21-2015 01:06 AM
Hello,
It might be because BitTorrent traffic is encrypted and therefore NBAR is not able to recognize it. I see a solution suggested here: https://supportforums.cisco.com/discussion/10796856/nbar-bittorrent-and-rc4-based-encryption
Hope this helps,
Jose.
05-21-2015 01:46 AM
Hi Jose,
First of all, let me thank you for your suggestion. Let me check it and I will post the result a bit later.
Best Regards,
05-21-2015 06:01 AM
Jose,
I am using NBAR version 20. There are 42 protocols activated; I mean, NBAR can check all these ports. It also includes a lot of ports, like:
Last clearing of "show ip nbar protocol-discovery" counters 1d08h
                          Input        Output
                          -----        ------
 bittorrent               8850         2288
                          980546       132796
HQ-C2901#sh ip nbar protocol-id
Protocol Name             id           type
----------------------------------------------
bgp                       179          L4 IANA
bittorrent                69           L7 STANDARD
HQ-C2901#sh ip nbar port-map bittorrent
port-map bittorrent udp 3724
port-map bittorrent tcp 3724 1080 6969 6881 6882 6883 6884 6885 6886 6887 6888 6889
HQ-C2901#sh ip nbar protocol-pack loaded detail
Loaded Protocol Pack(s):
Name: Standard Protocol Pack
Version: 1.0
Publisher: Cisco Systems Inc.
NBAR Engine Version: 20
State: Active
Modules:
1 base Mv: 4
2 ftp Mv: 4
3 http Mv: 17
Iv: irc - 2
4 static Mv: 6
5 secure-http Mv: 4
6 netbios Mv: 1
7 socks Mv: 2
8 nntp Mv: 2
9 tftp Mv: 2
10 exchange Mv: 3
11 vdolive Mv: 1
12 sqlnet Mv: 2
13 netshow Mv: 3
14 sunrpc Mv: 3
15 streamwork Mv: 2
16 citrix Mv: 13
17 fasttrack Mv: 3
18 gnutella Mv: 7
19 kazaa2 Mv: 11
20 dhcp Mv: 1
21 rtsp Mv: 9
22 rtp Mv: 8
23 mgcp Mv: 2
24 skinny Mv: 3
25 h323 Mv: 1
26 sip Mv: 4
27 rtcp Mv: 4
28 edonkey Mv: 6
29 winmx Mv: 5
30 bittorrent Mv: 5
Iv: socks - 2
31 directconnect Mv: 4
32 imap Mv: 1
33 pop3 Mv: 1
34 irc Mv: 2
Iv: http - 17
35 smtp Mv: 1
36 dns Mv: 1
37 skype Mv: 5
38 sap Mv: 1
39 pptp Mv: 1
40 ntp Mv: 1
41 iana Mv: 1
42 custom-protocols Mv: 1
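An added illustration of Jose's point, not code from any poster in this thread and not how NBAR works internally: a toy classifier that matches the plaintext BitTorrent handshake and then falls back to the TCP ports from the `sh ip nbar port-map bittorrent` output above. Plain RC4 with a made-up key stands in for the client's RC4-based encryption, and port 51413 and the sample flows are constructed for the example.

```python
# Ports copied from the "sh ip nbar port-map bittorrent" output in the thread.
PORT_MAP_TCP = {3724, 1080, 6969, 6881, 6882, 6883, 6884, 6885, 6886, 6887, 6888, 6889}
# Plaintext BitTorrent handshake prefix: length byte 19 + protocol string.
HANDSHAKE = b"\x13BitTorrent protocol"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4, standing in for the client's RC4-based stream encryption."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation and XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def classify(dst_port: int, first_payload: bytes) -> str:
    """Hypothetical classifier: payload signature first, then port map."""
    if first_payload.startswith(HANDSHAKE):
        return "bittorrent (payload signature)"
    if dst_port in PORT_MAP_TCP:
        return "bittorrent (port map)"
    return "unclassified"


def demo() -> dict:
    # Constructed sample flow: handshake + 8 reserved bytes + 40 bytes of hash/peer id.
    plain = HANDSHAKE + bytes(8) + bytes(range(40))
    encrypted = rc4(b"constructed-session-key", plain)
    return {
        "plain, port 51413": classify(51413, plain),
        "encrypted, port 6881": classify(6881, encrypted),
        "encrypted, port 51413": classify(51413, encrypted),
    }


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow:24} -> {verdict}")
```

On the router, the per-class counters in `show policy-map interface GigabitEthernet0/1` show whether the `torrent1` class is matching any packets at all.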