How to Block Skype on a Router

By Steven S. Warren

Skype is a voice over IP (VoIP) application that allows you to make phone calls over the Internet. If you want to prevent people from making Skype calls on a network, you must block the packets that allow Skype to work. Blocking the Internet packets will render Skype useless.

Step 1

Enable Network Based Application Recognition (NBAR) on your router. This will allow you to see the packets that cross your router. Skype can be enabled to work on any port so if you block one port, it can be used on another port. The only real way to block Skype is to not allow the packets to leave your router. Using a Cisco tool such as NBAR will allow you to discover what Skype packets are leaving your network router.

Step 2

Type the following command on your router to discover your applications that are hogging all of your resources:

show IP nbar protocol-discovery stats bit-rate top-n 10

Step 3

Type the following command to drop Skype packets and render Skype useless:

class?map match?any p2p
match protocol skype
policy?map block?p2p
class p2p
drop

int FastEthernet0
description PIX?facing interface
service?policy input block?p2p