How to Block BitTorrent and other P2P application in Cisco Router

Here is an example on how to block bittorrent and other P2P application using Network-Based Application Recognition (NBAR) in cisco router.

Procedure:
1.  Enable Cisco Express Forwarding (CEF). NBAR classification depends on CEF, so P2P traffic cannot be blocked while CEF is disabled.

Service-Router#Config t
Service-Router(config)#ip cef



2.  Create a class map named BLOCKED-P2P (match-any means a packet belongs to the class if it matches any one of the listed protocols)

Service-Router(config)#class-map match-any BLOCKED-P2P

3.  Enter the protocols to be blocked. These are just some examples; the full list of protocol names NBAR recognizes comes from the PDLM files loaded on the router.

Service-Router(config-cmap)#match protocol bittorrent
Service-Router(config-cmap)#match protocol kazaa2
Service-Router(config-cmap)#match protocol gnutella
Service-Router(config-cmap)#exit

4. Create a policy map named QOS-BLOCKED-P2P-POLICY

Service-Router(config)#policy-map QOS-BLOCKED-P2P-POLICY

5. Attach the class map to this policy map

Service-Router(config-pmap)#class BLOCKED-P2P

6. To drop all traffic that matches the listed protocols, enter the command 'drop'

Service-Router(config-pmap-c)#drop

Alternatively, if you want to limit the traffic with a policer instead, enter the command 'police'

Service-Router(config-pmap-c)#police cir 8000
Service-Router(config-pmap-c-police)#conform-action drop
Service-Router(config-pmap-c-police)#exceed-action drop

7.  On the interface where your LAN is connected (FastEthernet 0/1 in this example), enable NBAR protocol discovery

Service-Router(config)#interface fastEthernet 0/1
Service-Router(config-if)#ip nbar protocol-discovery

then apply the policy map inbound on this interface,

Service-Router(config-if)#service-policy input QOS-BLOCKED-P2P-POLICY

Check your configuration.
To display the packet statistics of all classes configured for all service policies on a specified interface or sub-interface, or on a specific permanent virtual circuit (PVC) on the interface, use the show policy-map interface command in privileged EXEC mode

Service-Router#show policy-map interface fastEthernet 0/1

To display the policy-map configuration,

Service-Router#show running-config policy-map

To display the class-map configuration,

Service-Router#show running-config class-map
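The procedure above ties three things together by name: a class-map, a policy-map that references the class-map, and an interface that references the policy-map. A typo in any of those names leaves the P2P traffic unblocked while the rest of the configuration looks fine. The following Python script is an added example, not from this page or from Cisco: it parses an IOS-style configuration text, collects the class-map and policy-map definitions and the names they reference, and reports any reference to something that was never defined. The sample configuration inside it is constructed from the steps above, with the class-map name deliberately misspelled to show what the check catches; the interface name FastEthernet0/1 and the function names are assumptions.

```python
"""Consistency check for an NBAR/MQC drop policy (added example, not from the page).

Takes an IOS-style configuration text, collects class-maps, policy-maps and the
classes each policy references, plus service-policy attachments, and reports
references to names that were never defined.
"""
import re

# Constructed sample: the complete configuration the procedure builds.
# The class-map name is deliberately misspelled (BLOCK-P2P vs BLOCKED-P2P)
# to show the kind of mismatch the checker is meant to catch.
SAMPLE_CONFIG = """\
ip cef
!
class-map match-any BLOCK-P2P
 match protocol bittorrent
 match protocol kazaa2
 match protocol gnutella
!
policy-map QOS-BLOCKED-P2P-POLICY
 class BLOCKED-P2P
  drop
!
interface FastEthernet0/1
 ip nbar protocol-discovery
 service-policy input QOS-BLOCKED-P2P-POLICY
"""


def parse_mqc(config):
    """Return class-maps, policy-maps (with referenced classes) and
    service-policy attachments found in an IOS configuration text."""
    class_maps = {}     # name -> list of matched protocols
    policy_maps = {}    # name -> list of referenced class names
    attachments = []    # (interface, direction, policy-map name)
    current_kind = current_name = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if not line.startswith(" "):  # top-level command starts a new section
            m = re.match(r"class-map(?: match-(?:any|all))? (\S+)$", line)
            if m:
                current_kind, current_name = "class-map", m.group(1)
                class_maps[current_name] = []
                continue
            m = re.match(r"policy-map (\S+)$", line)
            if m:
                current_kind, current_name = "policy-map", m.group(1)
                policy_maps[current_name] = []
                continue
            m = re.match(r"interface (\S+)$", line)
            if m:
                current_kind, current_name = "interface", m.group(1)
                continue
            current_kind = current_name = None  # some other global command
            continue
        body = line.strip()  # indented line belongs to the current section
        if current_kind == "class-map":
            m = re.match(r"match protocol (\S+)$", body)
            if m:
                class_maps[current_name].append(m.group(1))
        elif current_kind == "policy-map":
            m = re.match(r"class (\S+)$", body)
            if m:
                policy_maps[current_name].append(m.group(1))
        elif current_kind == "interface":
            m = re.match(r"service-policy (input|output) (\S+)$", body)
            if m:
                attachments.append((current_name, m.group(1), m.group(2)))
    return {"class_maps": class_maps, "policy_maps": policy_maps,
            "attachments": attachments}


def find_dangling_references(parsed):
    """List policy classes and attachments that name something undefined.
    class-default is implicit in every policy-map, so it is never flagged."""
    problems = []
    for pmap, classes in parsed["policy_maps"].items():
        for cls in classes:
            if cls != "class-default" and cls not in parsed["class_maps"]:
                problems.append(
                    f"policy-map {pmap} references undefined class-map {cls}")
    for iface, direction, pmap in parsed["attachments"]:
        if pmap not in parsed["policy_maps"]:
            problems.append(
                f"interface {iface} attaches undefined policy-map {pmap} ({direction})")
    return problems


if __name__ == "__main__":
    for problem in find_dangling_references(parse_mqc(SAMPLE_CONFIG)):
        print("WARNING:", problem)
```

Run it against the text of `show running-config` before trusting the drop counters in `show policy-map interface`: a policy-map whose class name does not match any class-map will show no matches at all, which is easy to misread as "no P2P traffic on the network".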


Blocking Gnutella with the Custom PDLM
[source: cisco.com]

Let's look at an example of how to use the Custom PDLM. We use Gnutella as the traffic we want to classify and then apply a QoS policy that blocks this traffic.

Gnutella uses six well-known TCP ports - 6346, 6347, 6348, 6349, 6355, and 5634. Other ports may be detected as Pongs are received. If users specify other ports for use in Gnutella file sharing, you can add these ports to your custom match protocol statement.

Here are the steps to creating a QoS service policy that matches on and drops Gnutella traffic.

Use the show ip nbar unclassified-port-stats command to view the traffic that NBAR reports as unclassified. If your network is transporting Gnutella traffic, you will see output similar to the following.

Port    Proto    # of Packets
------- -------- -------
6346    tcp      347679
27005   udp      55043

Use the ip nbar port-map custom command to define a custom port-map that matches on the Gnutella ports.

ip nbar port-map custom-02 tcp 5634 6346 6347 6348 6349 6355

Note: Currently, you must use a name such as custom-xx. User-defined names for custom PDLMs will be supported in an upcoming release of Cisco IOS Software.

Use the show ip nbar protocol stats command to confirm matches to the custom statement.

2620# show ip nbar protocol stats byte-count
FastEthernet0/0
               Input               Output
Protocol       Byte Count          Byte Count
------------------------------------------------
custom-02      43880517            52101266

Create a QoS service policy using the commands of the modular QoS CLI (MQC).

d11-5-7206-16(config)# class-map gnutella
d11-5-7206-16(config-cmap)# match protocol custom-02
d11-5-7206-16(config-cmap)# exit
d11-5-7206-16(config)# policy-map sample
d11-5-7206-16(config-pmap)# class gnutella
d11-5-7206-16(config-pmap-c)# police 1000000 31250 31250 conform-action drop exceed-action drop violate-action drop


Note: a BitTorrent client by default uses TCP ports 6881 to 6889.
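To turn the unclassified-port-stats output shown above and the BitTorrent port note into a repeatable check, here is an added Python example, not from this page or from Cisco. It parses the table format the command prints, flags TCP ports that the text above associates with Gnutella (5634, 6346 to 6349, 6355) and with default BitTorrent clients (6881 to 6889) once they exceed a packet threshold, and renders the ip nbar port-map line for the Gnutella ports. The sample output and its packet counts are constructed; the threshold, the function names and the reuse of the custom-02 name are assumptions.

```python
"""Triage of `show ip nbar unclassified-port-stats` output (added example,
not from the page). Flags unclassified TCP ports that belong to the
well-known Gnutella and BitTorrent port sets given in the text."""
import re

# Well-known ports as stated in the text above.
GNUTELLA_TCP_PORTS = {5634, 6346, 6347, 6348, 6349, 6355}
BITTORRENT_TCP_PORTS = set(range(6881, 6890))  # 6881-6889 inclusive

KNOWN_P2P = {
    "gnutella": GNUTELLA_TCP_PORTS,
    "bittorrent": BITTORRENT_TCP_PORTS,
}

# Constructed sample in the format shown above; the counts are invented.
SAMPLE_OUTPUT = """\
Port    Proto    # of Packets
------- -------- -------
6346    tcp      347679
27005   udp      55043
6881    tcp      12044
443     tcp      9981
"""

# One data row: port, protocol, packet count (header and separator do not match).
ROW_RE = re.compile(r"^\s*(\d+)\s+(tcp|udp)\s+(\d+)\s*$")


def parse_unclassified_port_stats(text):
    """Return a list of (port, proto, packets) tuples from the command output."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), int(m.group(3))))
    return rows


def flag_p2p_rows(rows, min_packets=1000):
    """Map each known P2P family to the unclassified TCP ports seen for it.

    Rows below min_packets are ignored (assumed threshold) so that a single
    stray connection does not prompt a configuration change."""
    hits = {}
    for port, proto, packets in rows:
        if proto != "tcp" or packets < min_packets:
            continue
        for family, ports in KNOWN_P2P.items():
            if port in ports:
                hits.setdefault(family, []).append(port)
    return hits


def custom_port_map(name, ports):
    """Render the ip nbar port-map command for the given TCP ports."""
    return f"ip nbar port-map {name} tcp " + " ".join(str(p) for p in sorted(ports))


if __name__ == "__main__":
    hits = flag_p2p_rows(parse_unclassified_port_stats(SAMPLE_OUTPUT))
    for family, ports in hits.items():
        print(f"{family}: unclassified traffic on tcp {ports}")
    # custom-02 is the name the Cisco example above uses for Gnutella.
    print(custom_port_map("custom-02", GNUTELLA_TCP_PORTS))
```

Only TCP rows are considered, because the port lists on this page are TCP ports; the UDP row on 27005 in the sample is therefore left alone rather than guessed at.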


PDLM Functionality
A PDLM is a separate file available on Cisco.com. A PDLM is used to add support for a protocol that is currently not available as part of the Cisco IOS software.

A PDLM extends the list of protocols that NBAR can recognize. PDLMs also allow NBAR to recognize new protocols without requiring you to install a new Cisco IOS image or reconfigure your router.

New PDLMs are released by Cisco only and can be loaded from flash memory. Contact your local Cisco representative to request additions or changes to the set of protocols classified by NBAR.

To view a list of currently available PDLMs, go to the following URL:


Related Topics
How to block Social Networking Site in Cisco Router






