RE: Policing / Shaping

From: Antonio Soares (amsoares@netcabo.pt)
Date: Wed Mar 28 2007 - 08:36:12 ART


Thank you to those who have replied to this.

Regarding the edonkey/emule users still able to download/upload, I think
it's because NBAR does not support Stateful Inspection for this protocol:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_m1h.htm#wp1125895

So I don't think I will be able to drop this traffic only with IOS.

By the way, is there any difference between these two?

!
class-map match-all nbar-1
 match protocol gnutella
!
class-map match-all nbar-2
 match protocol gnutella file-transfer "*"
!

I cannot configure both on the same class:

R6#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R6(config)#
R6(config)#class-map match-all nbar-1

R6(config-cmap)# match protocol gnutella file-transfer "*"
'match protocol gnutella' and
'match protocol gnutella file-transfer' cannot coexist in same class

R6(config-cmap)#

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Antonio Soares
Sent: Monday, 26 March 2007 18:06
To: ccielab@groupstudy.com
Subject: Policing / Shaping

Hello GS,

I need to solve a real task in my company: limit traffic to the Internet to
2Mbps inbound/outbound and block all peer-to-peer traffic. My policy is:

!
class-map match-any peer-to-peer
 match protocol edonkey
 match protocol kazaa2 file-transfer "*"
 match protocol fasttrack file-transfer "*"
 match protocol gnutella file-transfer "*"
!
!
policy-map QoS-Out
 class peer-to-peer
  drop
 class class-default
  shape average 2000000
policy-map QoS-In
 class peer-to-peer
  drop
 class class-default
  police 2000000
!

Decided to shape outbound and police inbound.

Then I applied this to the interface connected to the Internet. Do you
agree with my configuration?

Strange or not, it seems edonkey/emule are still able to download/upload. My
policy says drop, so what's happening?

Thanks,
Antonio
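
To compare the two actions used in the policy above (police inbound, shape outbound), here is an added example that is not part of the original message: a simplified continuous token-bucket model at the 2,000,000 bps rate from the configuration. The bucket depth, the unbounded shaper queue and the sample traffic are assumptions constructed for illustration; this is not a model of the IOS implementation.

```python
CIR_BPS = 2_000_000   # rate from the thread's policy-map (police / shape average)
BURST_BYTES = 62_500  # assumed bucket depth; the thread does not state one

def police(packets, cir_bps=CIR_BPS, burst=BURST_BYTES):
    """Policer: a packet that finds too few tokens is dropped immediately.
    packets: list of (arrival_us, size_bytes). Returns (sent_bytes, dropped_bytes)."""
    tokens, last, sent, dropped = float(burst), 0, 0, 0
    for t, size in packets:
        # Refill for the time elapsed since the previous arrival, capped at the burst.
        tokens = min(burst, tokens + (t - last) * cir_bps / 8_000_000)
        last = t
        if size <= tokens:
            tokens -= size
            sent += size
        else:
            dropped += size
    return sent, dropped

def shape(packets, cir_bps=CIR_BPS, burst=BURST_BYTES):
    """Shaper: a packet that finds too few tokens waits in a queue (assumed
    unbounded here) until they accrue. Returns (sent_bytes, max_delay_us)."""
    tokens, clock, sent, max_delay = float(burst), 0.0, 0, 0.0
    for t, size in packets:
        if t > clock:  # link idle since last departure: refill up to arrival time
            tokens = min(burst, tokens + (t - clock) * cir_bps / 8_000_000)
            clock = t
        if size > tokens:  # hold the packet until the bucket covers it
            clock += (size - tokens) * 8_000_000 / cir_bps
            tokens = size
        tokens -= size
        sent += size
        max_delay = max(max_delay, clock - t)  # clock is this packet's departure time
    return sent, max_delay

def sample_burst():
    """Constructed input: 200 packets of 1500 bytes, one every 500 us (24 Mbps)."""
    return [(i * 500, 1500) for i in range(200)]

if __name__ == "__main__":
    print("police:", police(sample_burst()))
    print("shape: ", shape(sample_burst()))
```

On the same constructed burst the policer forwards only what the bucket covers and discards the rest, while the shaper delivers everything at the cost of queueing delay.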


