From: Jay Greenberg (groupstudylist@execulink.com)
Date: Tue Nov 26 2002 - 13:56:08 GMT-3
I am experimenting with CBWFQ with the following definintions (inbound &
outbound), but it's not working very well. I would like to know what
others are doing. Keep in mind that on big routers, NBAR is not an
option. Any constructive criticism would be helpful.
Extended IP access list p2p
permit tcp any eq 1214 any (5 matches)
permit tcp any any eq 1214
permit tcp any eq 6346 any
permit tcp any any eq 6346
permit tcp any eq 4662 any (1 match)
permit tcp any any eq 4662 (1 match)
permit tcp any eq 6257 any
permit tcp any any eq 6257
permit tcp any eq 6699 any
permit tcp any any eq 6699
Policy Map p2p
Description: Provide only 5Mbps for Peer-to-Peer Applications
Class p2p
police 5000000 156250 156250 conform-action transmit exceed-action
drop
Class Map match-any class-default (id 0)
Match any
Class Map match-any p2p (id 2)
Description: Peer to Peer
Match access-group name p2p
On Tue, 2002-11-26 at 10:34, McClure, Allen wrote:
> Has anyone figured out how to successfully block or police this junk
> yet? I've been messing with NBAR quite a bit and have even gotten a new
> kazaa2.pdlm from Cisco TAC. VERY limited success.
>
> This is killing me. Can anyone shed light on a Cisco way of doing this?
> I'm not concerned with old versions of the software or the 1214 port
> (doesn't work).
>
> Thanks in advance for any help!
>
> Allen McClure
> MCSE, CCNP, CCDP
>
>
>
> This communication is confidential and may be legally privileged. If you are
> not the intended recipient, (i) please do not read or disclose to others, (ii)
> please notify the sender by reply mail, and (iii) please delete this
> communication from your system. Failure to follow this process may be
> unlawful. Thank you for your cooperation.
-- Jay Greenberg <groupstudylist@execulink.com>
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:11 GMT-3