Tuesday, February 24, 2009

Block Skype on Cisco IOS 12.4(4)T

NBAR configuration commands to block Skype packets

class−map match−any p2p
match protocol skype

policy−map block−p2p
class p2p
drop

int FastEthernet0
description internet interface
service−policy input block−p2p

To find out the high bandwidth consuming applications being used in your network, you can access the interface connected to the Internet and configure following command

ip nbar protocol-discovery.

This command above enable nbar discovery on your router.

Use following command:-

show ip nbar protocol-discovery stats bit-rate top-n 10

This command above show you top 10 bandwidth consuming applications being used by the users. Now you will be able to block/restrict traffic with appropriate QoS policy.

You can use ip nbar port-map command to look for the protocol or protocol name, using a port number or numbers other than the well-known ports.

Usage as per cisco:-
ip nbar port-map protocol-name [tcp udp] port-number

Up to 16 ports can be specified with this command. Port number values can range from 0 to 65535

No comments:

Post a Comment

 
span.fullpost {display:inline;}