You should limit the application of P2P

Published on 27/09/2013 at 06:03 by cisco2960switch Tags: background internet you

1 What is P2P?

P2P: peer-to-peer.

2 Why do we need to limit P2P applications?

P2P applications are deadly killers of Internet bandwidth: a single P2P client may occupy more than 90% of the total bandwidth, which seriously affects the normal Internet users of an Internet cafe, especially those playing online games.

3 How to limit P2P applications?

1 Restricting ports with an ACL

Ports can be restricted with an ACL in two ways. One is to block the P2P ports and leave all other ports open. This method has its limitations, because many P2P programs can now change ports and will automatically switch to another port when blocked, even to port 80; if that port were blocked too, the network would not work at all. The other is to open only the ports that are needed and close every other port. This strictly controls the network and is feasible for small, simple networks, but in a large network with complex data flows such management becomes very difficult. Neither method is therefore well suited to an Internet cafe.

2 Rate-limiting port flows with QoS and an ACL

Combine QoS with an ACL to rate-limit the data flows on P2P ports. Most worms and P2P applications use ports above 3000, but some normal applications also use ports above 3000, so closing all ports above 3000 would stop those applications from working as well. The compromise is to rate-limit, rather than block, the data streams to ports above 3000. In practice the port number may need to be adjusted to the actual situation so that the effect on other applications is reduced to a minimum.

For example:

On the WAN interface, use QoS in combination with the ACL.

acl number 3100
 rule 1000 permit tcp destination-port gt 3000
 rule 1010 permit udp destination-port gt 3000

Configure QoS on the WAN interface.

#
traffic classifier p2pin operator or
 if-match acl 3100
#
traffic behavior p2pin
 car cir 2048000 cbs 1024000 ebs 0 green pass red discard
#
qos policy p2pin
 classifier p2pin behavior p2pin
#
interface Ethernet1/0
 ip address 162.1.1.2 255.255.255.252
 qos apply policy p2pin inbound
#

On the LAN interface, use QoS in combination with the ACL.

acl number 3300
 rule 1000 permit tcp source-port gt 3000
 rule 1010 permit udp source-port gt 3000

Configure QoS on the LAN interface.

#
traffic classifier p2pout operator or
 if-match acl 3300
#
traffic behavior p2pout
 car cir 2048000 cbs 1024000 ebs 0 green pass red discard
#
qos policy p2pout
 classifier p2pout behavior p2pout
#
interface Ethernet3/0
 ip address 192.168.1.1 255.255.255.0
 qos apply policy p2pout inbound
#
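The WAN-side policy above, modelled as an added example (not code from the original post or from VRP): an advanced ACL matches TCP/UDP traffic to destination ports above 3000, and a single-rate CAR token bucket with ebs 0 colours each matched packet green (pass) or red (discard). The traffic is constructed, and the post's cir value is assumed to be in bit/s and its cbs value in bytes; the LAN-side policy is the same with source ports.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str       # "tcp" or "udp"
    dst_port: int
    size: int        # bytes
    ts: float        # arrival time in seconds

def matches_acl_3100(pkt):
    """rule 1000 / rule 1010: permit tcp|udp destination-port gt 3000."""
    return pkt.proto in ("tcp", "udp") and pkt.dst_port > 3000

class Car:
    """Single-rate two-colour policer (ebs 0): cir in bit/s, cbs in bytes.
    The bucket refills at cir and never holds more than cbs tokens."""
    def __init__(self, cir_bps, cbs_bytes):
        self.rate = cir_bps / 8.0        # bytes of credit per second
        self.cbs = cbs_bytes
        self.tokens = float(cbs_bytes)   # bucket starts full
        self.last = 0.0

    def colour(self, pkt):
        elapsed = max(0.0, pkt.ts - self.last)
        self.tokens = min(self.cbs, self.tokens + elapsed * self.rate)
        self.last = pkt.ts
        if pkt.size <= self.tokens:      # within committed burst: green
            self.tokens -= pkt.size
            return "green"
        return "red"                     # over the rate: red, discarded

def apply_policy(packets, car):
    """Return (passed, discarded) counts. Only ACL-matched traffic is policed."""
    passed = discarded = 0
    for p in packets:
        if not matches_acl_3100(p) or car.colour(p) == "green":
            passed += 1
        else:
            discarded += 1
    return passed, discarded

def demo():
    # Constructed traffic: a 700-packet burst of 1500-byte TCP segments to a
    # high port at t=0, one web packet (not matched, never policed), and one
    # more high-port packet a second later, after the bucket has refilled.
    burst = [Packet("tcp", 16881, 1500, 0.0) for _ in range(700)]
    web = [Packet("tcp", 80, 1500, 0.0)]
    later = [Packet("udp", 4672, 1500, 1.0)]
    car = Car(cir_bps=2_048_000, cbs_bytes=1_024_000)  # the post's cir/cbs
    return apply_policy(burst + web + later, car)
```

Only the first 682 packets of the burst fit in the 1,024,000-byte committed burst; the remaining 18 are red and discarded, while the web packet and the later packet pass.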

3 Limiting NAT sessions per user

Newer VRP software supports a per-user NAT limit: the number of NAT TCP connections allowed for a single inside IP address can be capped. A major characteristic of P2P software such as BT is that it opens a very large number of connections, which occupies many NAT table entries, so this method effectively limits BT. For example, set the maximum number of NAT sessions for IP 192.168.1.2 to 100. That is enough for normal network access, but if BT is used the NAT table count for that IP soon reaches 100; once the peak is reached, other connections from that IP cannot be translated until some of its NAT entries age out. This effectively protects the network bandwidth and also serves as a warning to the user.

4 Restricting software on the client

P2P software can be prohibited through settings in the client software. Many Internet cafe management programs can block any software from running as needed; for Internet cafes that need to prohibit P2P applications, this approach is recommended.

Above we have summarised the methods currently available for limiting P2P software. Choose according to the actual network circumstances; of course, a combination of methods can also be used.

Example 2: ACL restricting the ports of common P2P software

acl number 3100
 rule 1000 deny tcp destination-port eq 2710
 rule 1010 deny tcp destination-port eq 6969
 rule 1020 deny tcp destination-port range 8881 8999
 rule 1030 deny tcp destination-port eq 10137
 rule 1040 deny tcp destination-port eq 16881
 rule 1050 deny tcp destination-port range 4661 4662
 rule 1060 deny udp destination-port eq 4665
 rule 1070 deny udp destination-port eq 4672
