The first is the common port-blocking method. The common commands are as follows:
1. Deny:
access-list 102 deny tcp any any range 6881 6890
access-list 102 deny tcp any range 6881 6890 any
access-list 102 permit ip any any
This method has its own limitations. First, some existing BT software automatically changes its port after being blocked. Second, I have carefully studied several BT download programs, and their announce ports now use 8000 and 8080. If these are blocked as well, the network may behave abnormally (later, N people called me and I was scared into deleting it immediately).
The second method is to use Network-Based Application Recognition (NBAR) to identify network applications. NBAR is a technology that dynamically searches for protocols from Layer 4 to Layer 7. It can control not only static TCP and UDP traffic but also dynamic-port protocols (such as BT) that ACLs cannot handle. An external Packet Description Language Module (PDLM) file is used to extend the set of protocols NBAR recognizes. Process:
1. Go to http://www.cisco.com/pcgi-bin/tablebuild.pl/pdlm and download bittorrent.pdlm (CCO is required).
2. Put it on a TFTP server, then use copy tftp disk2 (on most devices this should be flash).
# show runn
The section about BT is as follows:
class-map match-all bittorrent
 match protocol bittorrent
!
!
policy-map bittorrent-policy
 class bittorrent
  drop
!
interface GigabitEthernet0/2
 description CONNECT INSIDE
 ip address 192.168.168.1 255.255.255.252 secondary
 ip address 192.168.21.1 255.255.255.0
 ip nat inside
 service-policy input bittorrent-policy
 service-policy output bittorrent-policy
 duplex full
 speed 1000
 media-type rj45
 no negotiation auto
After testing, BT can no longer download.
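The contrast between the two methods above, as an added example that is not part of the original article and is not Cisco's NBAR or PDLM logic: a small Python model that runs constructed packets through the three ACL 102 entries and through a payload check for the BitTorrent peer handshake prefix. The names `Packet`, `acl_action`, `payload_action` and `compare` are hypothetical, every packet is treated as TCP, and the handshake check only illustrates inspection above Layer 4.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    src_port: int
    dst_port: int
    payload: bytes


# BitTorrent peer handshake prefix: length byte 19 followed by the protocol string.
BT_HANDSHAKE = b"\x13BitTorrent protocol"

# The three ACL 102 entries from the page as (action, src_range, dst_range).
# None means "any port". Assumption of this model: every packet is TCP.
ACL_102 = [
    ("deny", None, (6881, 6890)),
    ("deny", (6881, 6890), None),
    ("permit", None, None),
]


def _in_range(port, rng):
    return rng is None or rng[0] <= port <= rng[1]


def acl_action(pkt, acl=ACL_102):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, src, dst in acl:
        if _in_range(pkt.src_port, src) and _in_range(pkt.dst_port, dst):
            return action
    return "deny"


def payload_action(pkt):
    """Drop when the payload starts with the BT handshake, whatever the port."""
    return "drop" if pkt.payload.startswith(BT_HANDSHAKE) else "forward"


# Constructed sample packets (not captured traffic).
SAMPLES = {
    "bt_default_port": Packet(40000, 6881, BT_HANDSHAKE + bytes(48)),
    "bt_moved_port": Packet(40001, 45000, BT_HANDSHAKE + bytes(48)),
    "web_proxy_8080": Packet(40002, 8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
}


def compare():
    """Return {sample name: (ACL verdict, payload verdict)}."""
    return {name: (acl_action(p), payload_action(p)) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, (acl, payload) in compare().items():
        print(f"{name:16} acl={acl:6} payload={payload}")
```

The `bt_moved_port` row is the case the article describes: the port ACL permits it once the client leaves 6881-6890, while the content-based check still classifies it and leaves ordinary traffic on 8080 alone.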