Solved

Block P2P on a Cisco router

Posted on 2010-08-20
3
1,280 Views
Last Modified: 2012-05-10
Greetings,

I've put ip nbar protocol-discovery on the FastEthernet interfaces of my Cisco 2800 (ver 12.4(4)). I created a class-map to match the protocols of some known p2p apps, created a policy-map to drop the matched traffic and added the service policy to the interface. The problem is, when I run "show ip nbar protocol-discovery" eDonkey is not being blocked. Below is the relavent config:

class-map match-any p2p
 match protocol edonkey
 match protocol fasttrack
 match protocol gnutella
 match protocol kazaa2
 match protocol winmx
 match protocol novadigm

 policy-map block-p2p
 class p2p
   drop

interface FastEthernet0/0
 no ip address
 ip access-group 150 in
 no ip redirects
 no ip unreachables
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
 no cdp enable
 service-policy input block-p2p
 service-policy output Voice

!
interface FastEthernet0/0.11
 description Local LAN
 encapsulation dot1Q 11
 ip address 10.1.X.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 no cdp enable
 service-policy input block-p2p
!
interface FastEthernet0/0.200
 description Local WAN
 encapsulation dot1Q 200
 ip address 10.1.YYY.5 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip ospf priority 0
 service-policy input block-p2p
 
Results of show policy-map int fa0/0.11
 FastEthernet0/0.11

  Service-policy input: block-p2p

    Class-map: p2p (match-any)
      6155 packets, 395222 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol edonkey
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol fasttrack
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol gnutella
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol kazaa2
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol winmx
        6128 packets, 392940 bytes
        5 minute rate 0 bps
      Match: protocol novadigm
        27 packets, 2282 bytes
        5 minute rate 0 bps
      drop

Results of show ip nbar pro int fa0/0.11

 FastEthernet0/0.11
                            Input                    Output
                            -----                    ------
   Protocol            acket Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   edonkey            1842915                  1859275
                            1475234220               1874109161
                            0                        0
                            9654000                  14592000
   http                   1096487                  2265466
                            276457930              1728864847
                            33000                      81000
                            218000                    8664000

What am I missing?

Thanks
Paul
0
Comment
Question by:SBSIAdmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 4

Accepted Solution

by:
Tory W earned 500 total points
ID: 33488844
Looks like you may need the new edonkey pdlm. Cisco has the instructions here.  Other than that your config looks good.  

I think the older versions of limewire were covered by how you are doing it but the newer versions need the new pdlm.

Hope this helps.

0
 

Author Comment

by:SBSIAdmin
ID: 33617731
Sorry for the delay, I've been on vacation. I'll download the new pdlms and give it a shot.
0
 

Author Comment

by:SBSIAdmin
ID: 33627181
Thanks, that resolved the issue.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question