Blocking sites using NBAR



#1 Debasis Chowdhury


Posted 16 March 2016 - 01:47 AM

One of Cisco's cool features is NBAR (Network Based Application Recognition), with which we can easily block any site nowadays. Suppose we want to block two sites, youtube.com and facebook.com. We can use the following commands to accomplish this:

    class-map match-any BLOCKED_SITES
       match protocol http host "*youtube.com*"
       match protocol http host "*facebook.com*"
    !
    policy-map DROP_WEB
       class BLOCKED_SITES
         drop
    !
    interface FastEthernet0/0
       description Connected to the LAN
       service-policy input DROP_WEB


Now suppose we want to block files having extensions .exe and .bin:

    class-map match-any BLOCKED_URLS
       match protocol http url "*.exe|*.bin"
    !
    policy-map DROP_WEB
       class BLOCKED_URLS
         drop
    !
    interface FastEthernet0/0
       description Connected to the LAN
       service-policy input DROP_WEB


    OALAN#show running-config interface fa0/1
    Building configuration...

    Current configuration : 221 bytes
    !
    interface FastEthernet0/1
     description OA-LAN
     ip address x.x.x y.y.y.y
     ip nbar protocol-discovery
     ip nat inside
     load-interval 30
     duplex auto
     speed auto
     service-policy input DROP_WEB
    end

    OALAN#


But after configuring all the above parameters, the user is still able to access the blocked sites. Need support.

My query: How to block required websites on a Cisco router?


Thanks in advance


  • 0
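
An added example, not part of the original post: `match protocol http host` and `match protocol http url` classify on the cleartext HTTP request, so a flow that opens with a TLS handshake gives those class-maps no Host header or URL to match. The sketch below applies the post's patterns to constructed first-payload bytes; standing in for NBAR's wildcard matching with Python `fnmatch` globs is an assumption, as are the sample hostnames.

```python
import fnmatch

# Wildcard patterns copied from the two class-maps in the post.
HOST_PATTERNS = ["*youtube.com*", "*facebook.com*"]
URL_PATTERNS = "*.exe|*.bin".split("|")

# Constructed sample data: the first payload bytes of four client flows.
SAMPLES = {
    "http-youtube": b"GET /watch HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n",
    "http-exe": b"GET /tools/setup.exe HTTP/1.1\r\nHost: dl.example.net\r\n\r\n",
    "http-other": b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n",
    # Start of a TLS handshake record (type 0x16, version 3.1), truncated.
    "tls-hello": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
}

def classify(first_bytes: bytes) -> tuple[str, str]:
    """Return (class name, reason) for a flow's first payload bytes."""
    # A TLS record starts with content type 0x16 and major version 0x03;
    # the HTTP request inside it is encrypted and cannot be inspected.
    if first_bytes[:2] == b"\x16\x03":
        return "class-default", "TLS handshake: no cleartext Host header or URL"
    try:
        head = first_bytes.split(b"\r\n\r\n", 1)[0].decode("ascii")
        request_line, *header_lines = head.split("\r\n")
        _method, url, version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return "class-default", "not an HTTP request"
    if not version.startswith("HTTP/"):
        return "class-default", "not an HTTP request"
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip().lower()
    host = headers.get("host", "")
    # Assumption: fnmatch globs stand in for NBAR's own wildcard matching.
    if any(fnmatch.fnmatchcase(host, p) for p in HOST_PATTERNS):
        return "BLOCKED_SITES", f"Host header {host!r} matched"
    if any(fnmatch.fnmatchcase(url, p) for p in URL_PATTERNS):
        return "BLOCKED_URLS", f"URL {url!r} matched"
    return "class-default", "no pattern matched"

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:13} -> {classify(data)}")
```

Traffic that lands in `class-default` is not touched by the `drop` action in `DROP_WEB`.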