Sign in to follow this  
Followers 0
Debasis Chowdhury

Blocking sites using NBAR

1 post in this topic

Cisco's one of the cool feature is NBAR (Network Based Application Recognition). Where we can easily block any site using NBAR now-a-days. Suppose we want to block youtube.com and facebook.com these two sites. We can use the following commands to accomplish this:

class-map match-any BLOCKED_SITES
match protocol http host "*youtube.com*"
match protocol http host "*facebook.com*"
!
policy-map DROP_WEB
class BLOCKED_SITES
drop
!
interface FastEthernet0/0
description Connected to the LAN
service-policy input DROP_WEB


Now suppose we want to block files having extensions .exe and .bin:

class-map match-any BLOCKED_URLS
match protocol http url "*.exe|*.bin"
!
policy-map DROP_WEB
class BLOCKED_URLS
drop
!
interface FastEthernet0/0
description Connected to the LAN
service-policy input DROP_WEB

 

OALAN#show running-config interface fa0/1
Building configuration...

Current configuration : 221 bytes
!
interface FastEthernet0/1
description OA-LAN
ip address x.x.x y.y.y.y
ip nbar protocol-discovery
ip nat inside
load-interval 30
duplex auto
speed auto
service-policy input DROP_WEB
end

OALAN#

But after configuring all the above parameters, still the user is able to access the blocked sites. Need support.

 

My query: How to block required websites in cisco router.

 

 

Thanks in advance

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0