03-23-2007 10:57 AM - edited 03-05-2019 03:04 PM
Hello,
My router is Cisco 1721 and I want to implement block BT function on it by NBAR feature. But seems fail to do it. The following is my configuration. Is there any problem with it? Thanks a lot.
"
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-IPBASE-M), Version 12.3(6f), RELEASE SOFTWARE (fc1)
......
System image file is "flash:c1700-ipbase-mz.123-6f.bin"
cisco 1721 (MPC860P) processor (revision 0x500) with 55643K/9893K bytes of memory.
"
Router#show run
Current configuration : 1644 bytes
!
version 12.2
no parser cache
service config
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
logging rate-limit console 10 except errors
enable secret 5
!
ip subnet-zero
ip cef
!
ip nbar pdlm bittorrent.pdlm
ip nbar pdlm eDonkey.pdlm
!
no ip domain-lookup
!
no ip dhcp-client network-discovery
!
class-map match-all bittorrent
match protocol bittorrent
class-map match-all edonkey
match protocol edonkey
!
policy-map limit-bt
class bittorrent
police 8000 1500 1500 conform-action drop exceed-action drop violate-action drop
class edonkey
police 8000 1500 1500 conform-action drop exceed-action drop violate-action drop
!
controller E1 0/0
framing NO-CRC4
channel-group 0 timeslots 1-31
!
interface Ethernet0/0
ip address ....
ip access-group 101 in
ip nbar protocol-discovery
half-duplex
service-policy input limit-bt
service-policy output limit-bt
!
interface Serial0/0:0
ip address ....
!
interface Ethernet1/0
ip address ....
half-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 y.y.y.y
ip route y.y.0.0 255.255.0.0 x.x.x.x
ip http server
!
access-list 101 deny tcp any any range 6881 6890
access-list 101 deny udp any any range 6881 6890
access-list 101 deny tcp any range 6881 6890 any
access-list 101 deny udp any range 6881 6890 any
access-list 101 permit ip any any
!
line con 0
line aux 0
line vty 0 4
line vty 5 15
!
no scheduler allocate
!
end
"
Sha
03-29-2007 07:03 AM
In the configuration given,
policy-map limit-bt
class bittorrent
police 8000 1500 1500 conform-action drop exceed-action drop violate-action drop
class edonkey
police 8000 1500 1500 conform-action drop exceed-action drop violate-action drop
why you have given the POLICE key word, Instead you can simply specify to drop
03-29-2007 06:02 PM
Sir,
I tried but it seems there is no directly 'drop' command here. That's why I use this method.
Thanks.
Sha
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide