From: Radioactive Frog (pbhatkoti@gmail.com)
Date: Sat Dec 08 2007 - 05:45:17 ART
Has someone really blocked it in a production network?
Frog
On April 4th 2006, Cisco released IOS version 12.4(4)T. Cisco introduced
much awaited Skype classification in NBAR. So now with a simple policy you
can block Skype. Skype can be blocked in a similar way as we used to block
Kazaa, LimeWire and other P2P applications.
Example:
NBAR configuration to drop Skype packets

    class-map match-any p2p
     match protocol skype

    policy-map block-p2p
     class p2p
      drop

    int FastEthernet0
     description PIX-facing interface
     service-policy input block-p2p

If you are unsure about the bandwidth-eating applications being used in your
organisation, you can access the interface connected to the Internet and
configure the following command:

    ip nbar protocol-discovery

This will enable NBAR discovery on your router.
Use the following command:

    show ip nbar protocol-discovery stats bit-rate top-n 10

It will show you the top 10 bandwidth-eating applications being used by the
users. Now you will be able to block/restrict traffic with an appropriate QoS
policy.
We can also use the *ip nbar port-map* command to look for the protocol or
protocol name, using a port number or numbers other than the well-known
Internet Assigned Numbers Authority (IANA)-assigned port numbers.
Usage as per Cisco:

    ip nbar port-map protocol-name [tcp | udp] port-number

Up to 16 ports can be specified with this command. Port number values can
range from 0 to 65535.
Source: http://ciscotips.wordpress.com/2006/06/07/how-to-block-skype/
On Dec 8, 2007 7:08 PM, Radioactive Frog <pbhatkoti@gmail.com> wrote:
> Hi guys,
> I was navigating the IOS feature and found that Cisco recently added skype
> protocol in IOS.
> Does that mean we can block skype?
>
> peer-to-peer VoIP client software
>
> *Note *Cisco currently supports Skype version 1 on
>
>
>
> Frog
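
An added example, not part of the original post or the cited blog: the "restrict" alternative to the drop policy described above, together with the protocol-discovery, port-map and verification commands the post mentions. The policy name limit-p2p, the 64000 bps rate and port 8080 are assumptions chosen for illustration.

```cisco
! Added example; policy name, rate and ports are illustrative assumptions.
! Classify Skype with NBAR (same class-map as in the post).
class-map match-any p2p
 match protocol skype
!
! Rate-limit the class instead of dropping it outright.
policy-map limit-p2p
 class p2p
  police 64000 conform-action transmit exceed-action drop
!
! Tell NBAR that HTTP also runs on a non-IANA port (up to 16 ports allowed).
ip nbar port-map http tcp 80 8080
!
interface FastEthernet0
 description PIX-facing interface
 ip nbar protocol-discovery
 service-policy input limit-p2p
!
! Verification (exec mode):
!   show ip nbar port-map http
!   show ip nbar protocol-discovery stats bit-rate top-n 10
!   show policy-map interface FastEthernet0
```

The per-class packet counters in show policy-map interface indicate whether NBAR is actually matching traffic into class p2p before the policy is relied on.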
This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:29 ARST