Hmmm- maybe it was there since Protocol Pack 1 (if you've never updated them, is likely what you're on) and the gap in PI just added fog to the perception. I did add the BitTorrent-network to drop list, and have it allowed through our other line of defense in test. The 5508s are dropping it wonderfully. Is nice to see.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Wednesday, September 17, 2014 12:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

I haven't updated any protocol packs separately. I'm just using what's built into 7.6.130.0

Sent from my iPhone

On Sep 17, 2014, at 11:09 AM, "Alan Nord" <an...@macalester.edu> wrote:

I was looking to see if NBAR2 version 11 will work on WLC 7.6 - according to this compatibility chart it is only for WLC code 8.0.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/nbar2_prot_pack/11-0-0/b-nbar2-prot-pack-1100/b-nbar2-prot-pack-1100_chapter_010110.html

On Wed, Sep 17, 2014 at 8:34 AM, Trent Hurt <trent.h...@louisville.edu> wrote:

It shows up in the wlc GUI either in the other category or in the file sharing category depending on wlc version and protocol pack. For me it was introduced in 7.6 code

Sent from my iPhone

On Sep 17, 2014, at 9:32 AM, "Hector J Rios" <hr...@lsu.edu> wrote:

From the WLC GUI. But I just checked our version for the product pack, and it looks like we need to upgrade. I'll do that and confirm if I see it after.

-Hector

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, September 17, 2014 8:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Are you saying you can't see it from PI, or from WLC GUI?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Wednesday, September 17, 2014 9:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Lee,

My security guys did the actual tests and from what I remember, it dropped the applications as soon as we enabled them. BTW, I also do not see BittorrentNetwork. We are running 7.6.120.0

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, September 16, 2014 8:16 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Hector,

Any idea if it took time for the 5508s to "learn" the traffic before dropping started? I did some testing from a single client and was able to pull down a half-dozen torrents on a WLAN configured to block it with AVC before I restored our other defenses. AVC didn't touch simple BitTorrent for the 5-10 minutes I tried it. Did verify configs...

Thanks,
Lee

Sent from my iPad

On Sep 12, 2014, at 5:53 PM, "Hector J Rios" <hr...@lsu.edu> wrote:

On our main SSID, we drop the applications listed below. Those were the ones our security group wanted us to drop. We have this on our WiSM2s which have about 800 WAPs each. We have not seen any issues related to high CPU so far. That's all the information I can give you. I hope this helps. I wish I could actually give stats on how many times the controller has actually detected and dropped those applications, but that requires other toys we don't have money for.

Encrypted-emule
Bittorrent
Encrypted-bittorrent
Edonkey-static
Gnutella

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, September 11, 2014 1:26 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Re-opening the topic of using controllers to classify and control traffic- in particular P2P.

I'm doing analysis of our 5508 WLCs' ability to perhaps replace a dedicated appliance solution. I see that we're not exactly 1 for 1 on services recognized by WLC compared to the dedicated appliances, but I'm more concerned with what might happen to a busy WLC with 500 APs and thousands of clients if we ask it to start dropping a couple of dozen P2P protocols.

For those already doing this sort of thing- did CPU climb appreciably when you turned on the drop function? Any issues noted? Our controllers tend to coast for CPU and memory, but I gotta ask.

Also, does anyone know if the 5760s can yet "control" or are they still limited to the AV in AVC? Any idea if 5760 protocol packs (or whatever the signatures are called on the 5760) are the same as that for the 5508 WLC?

Thanks-
Lee

Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

--
Alan Nord, CCNA
Infrastructure Manager
Information Technology Services
Macalester College
1600 Grand Avenue
St. Paul, MN 55105