Re: match protocol skype - blocking skype

From: shiran guez (shiranp3@gmail.com)
Date: Sat Dec 08 2007 - 05:52:50 ART


I have blocked Skype in a production network using Allot NetEnforcer; they
support the latest Skype version.

On Dec 8, 2007 10:45 AM, Radioactive Frog <pbhatkoti@gmail.com> wrote:

> Has someone really blocked it in production network?
>
> Frog
>
> On April 4th 2006, Cisco released IOS version 12.4(4)T. Cisco introduced
> the much-awaited Skype classification in NBAR, so now with a simple policy
> you can block Skype. Skype can be blocked in a similar way as we use to
> block Kazaa, LimeWire and other P2P applications.
>
> Example:-
>
> NBAR configuration to drop Skype packets
>
> class-map match-any p2p
>  match protocol skype
>
> policy-map block-p2p
>  class p2p
>   drop
>
> int FastEthernet0
>  description PIX-facing interface
>  service-policy input block-p2p
>
> If you are unsure about the bandwidth-eating applications being used in
> your organisation, you can access the interface connected to the Internet
> and configure the following command:
>
> *ip nbar protocol-discovery*.
>
> This will enable nbar discovery on your router.
>
> Use the following command:
>
> *show ip nbar protocol-discovery stats bit-rate top-n 10*
>
> It will show you the top 10 bandwidth-eating applications being used by
> the users. Now you will be able to block/restrict traffic with an
> appropriate QoS policy.
>
> We can also use the *ip nbar port-map* command to look for the protocol or
> protocol name, using a port number or numbers other than the well-known
> Internet Assigned Numbers Authority (IANA)-assigned port numbers.
>
> Usage as per cisco:-
> *ip nbar port-map protocol-name [tcp | udp] port-number*
>
> Up to 16 ports can be specified with this command. Port number values can
> range from 0 to 65535.
>
> Source: http://ciscotips.wordpress.com/2006/06/07/how-to-block-skype/
>
>
>
>
> On Dec 8, 2007 7:08 PM, Radioactive Frog <pbhatkoti@gmail.com> wrote:
>
> > Hi guys,
> > I was navigating the IOS feature and found that Cisco recently added
> > Skype protocol in IOS.
> > Does that mean we can block skype?
> >
> > peer-to-peer VoIP client software
> >
> > *Note *Cisco currently supports Skype version 1 on
> >
> >
> >
> > Frog
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Shiran Guez
MCSE CCNP NCE1
http://cciep3.blogspot.com
http://www.linkedin.com/in/cciep3
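
Added example (not part of the original thread and not Cisco tooling): a small audit that reads a saved IOS configuration and reports, per interface, whether an input service-policy actually drops a class matching the NBAR protocol, which is the three-part chain (class-map, policy-map, service-policy) shown in the quoted configuration. The sample config is constructed from the names used in the thread, the function names are hypothetical, and the parser assumes the flat one-level layout shown above.

```python
# Constructed sample config (not from a real device), using the thread's names.
SAMPLE_CONFIG = """\
class-map match-any p2p
 match protocol skype
policy-map block-p2p
 class p2p
  drop
!
interface FastEthernet0
 description PIX-facing interface
 service-policy input block-p2p
interface FastEthernet1
 description LAN-facing interface (constructed)
"""

def parse_sections(config):
    """Group indented sub-commands under their top-level command line."""
    sections = []
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            sections.append((line.strip(), []))
        elif sections:
            sections[-1][1].append(line.strip())
    return sections

def audit_protocol_drop(config, protocol="skype"):
    """Return {interface: bool}; True if an input policy drops `protocol`."""
    sections = parse_sections(config)
    # Class-maps that match the protocol through NBAR.
    classes = {head.split()[-1] for head, body in sections
               if head.startswith("class-map ") and f"match protocol {protocol}" in body}
    # Policy-maps where one of those classes carries the drop action.
    policies = set()
    for head, body in sections:
        active = None
        for cmd in body if head.startswith("policy-map ") else []:
            if cmd.startswith("class "):
                active = cmd.split()[1]
            elif cmd == "drop" and active in classes:
                policies.add(head.split()[1])
    # Interfaces with one of those policies attached on input.
    result = {}
    for head, body in sections:
        if head.startswith("interface "):
            attached = {c.split()[-1] for c in body if c.startswith("service-policy input ")}
            result[head.split()[1]] = bool(attached & policies)
    return result
```

An interface reported as False either has no input service-policy or has one whose classes never reach a drop for that protocol, which is the gap to look for when a block policy appears configured but traffic still passes.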

