RE: Blocking Skype with IOS

Iwan,

I can't find a PDLM that supports post version 1 Skype detection. I think that's what Nick was addressing.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6612/ps6653/prod_qas09186a00800a3ded_ps6616_Products_Q_and_A_Item.html#wp9000037

-ryan

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Iwan Hoogendoorn
Sent: Thursday, September 10, 2009 7:27 AM
To: Nicholas Davitashvili
Cc: Cisco certification
Subject: Re: Blocking Skype with IOS

Nice Article ...
Very nice if you don't want to use NBAR ... or can not use NBAR.

But I find the NBAR config a little bit easier ;-)

class-map match-any p2p
match protocol skype
!
policy-map block-p2p
class p2p
drop
!
int FastEthernet0
description PIX-facing interface
service-policy input block-p2p
!

So I am trying to find reasons here not to use NBAR exept that the
IOS/router platform is not supporting it...

-- 
Regards,
Iwan Hoogendoorn
CCIE #13084 (R&S / Security / SP)
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Wed, Sep 9, 2009 at 8:00 PM, Nicholas Davitashvili <nickda_at_gmail.com> wrote:
> Hi guys,
> Here's an article we wrote about how to block Skype using IOS.
> http://www.4shared.com/file/129849696/4cd4ff14/Blocking_Skype_Using_IOS.html
>
> Please comment.
>
> Nick
> GREENNET
> Lat:  41043'25.46"N
> Long:  44045'45.60"E
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net