Double check you have BitTorrent, encrypted BitTorrent, and also BitTorrent networking. I had to add the BitTorrent networking to mine in addition to the others that are in Hector's list to stop it. Although as we all know this is complete "cat and mouse" and they will always find a way. But I have had good success with this for the general user community.
Sent from my iPhone On Sep 16, 2014, at 9:16 PM, "Lee H Badman" <lhbad...@syr.edu<mailto:lhbad...@syr.edu>> wrote: Hector, Any idea if it took time for the 5508s to "learn" the traffic before dropping started? I did some testing from a single client and was able to pull down half-dozen torrents on a WLAN configured to block it with AVC before I restored our other defenses. AVC didn't touch simple BitTorrent for 5-10 minutes I tried it. Did verify configs... Thanks, Lee Sent from my iPad On Sep 12, 2014, at 5:53 PM, "Hector J Rios" <hr...@lsu.edu<mailto:hr...@lsu.edu>> wrote: On our main SSID, we drop the applications listed below. Those were the ones our security group wanted us to drop. We have this on our WiSM2s which have about 800 WAPs each. We have not seen any issues related to high CPU so far. That’s all the information I can give you. I hope this helps. I wish I could actually give stats on how many times the controller has actually detected and dropped those applications, but the requires another toys we don’t have money for. Encryptep-emule Bittorrent Encrypted-bittorrent Edonkey-static Gnutella Hector Rios Louisiana State University From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Thursday, September 11, 2014 1:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting) Re-opening the topic of using controllers to classify and control traffic- in particular P2P. I’m doing analysis of our 5508 WLCs’ ability to perhaps replace a dedicated appliance solution. I see that we’re not exactly 1 for 1 on services recognized by WLC compared to the dedicated appliances, but I’m more concerned with what might happen to a busy WLC with 500 APs and thousands of clients if we ask it to start dropping a couple of dozen P2P protocols. For those already doing this sort of thing- did CPU climb appreciably when you turned the drop function? Any issues noted? Our controllers tend to coast for CPU and memory, but I gotta ask. Also, does anyone know if the 5760s can yet “control” or are they still limited to the AV in AVC? Any idea if 5760 protocol packs (or whatever the signatures are called on the 5760) are the same as that for the 5508 WLC? Thanks- Lee Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com) ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
