Sadikhov IT Certification forums
Debasis Chowdhury

Blocking sites using NBAR


One of Cisco's cool features is NBAR (Network Based Application Recognition), with which we can easily block any site nowadays. Suppose we want to block these two sites: youtube.com and facebook.com. We can use the following commands to accomplish this:

class-map match-any BLOCKED_SITES
 match protocol http host "*youtube.com*"
 match protocol http host "*facebook.com*"
!
policy-map DROP_WEB
 class BLOCKED_SITES
  drop
!
interface FastEthernet0/0
 description Connected to the LAN
 service-policy input DROP_WEB


Now suppose we want to block files having extensions .exe and .bin:

class-map match-any BLOCKED_URLS
 match protocol http url "*.exe|*.bin"
!
policy-map DROP_WEB
 class BLOCKED_URLS
  drop
!
interface FastEthernet0/0
 description Connected to the LAN
 service-policy input DROP_WEB

 

OALAN#show running-config interface fa0/1
Building configuration...

Current configuration : 221 bytes
!
interface FastEthernet0/1
description OA-LAN
ip address x.x.x y.y.y.y
ip nbar protocol-discovery
ip nat inside
load-interval 30
duplex auto
speed auto
service-policy input DROP_WEB
end

OALAN#

But after configuring all the above parameters, the user is still able to access the blocked sites. Need support.

My query: how to block the required websites on a Cisco router?

Thanks in advance
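
Added example, not part of the original post: a simplified Python model of what the `match protocol http host` and `match protocol http url` statements above inspect, namely the Host header and URL of a cleartext HTTP request. The function names, the glob handling and the sample payloads are assumptions constructed for illustration; a payload that is not a parseable HTTP request (such as a TLS record) gives these matches nothing to read.

```python
import fnmatch

# Patterns copied from the class-maps in the post.
HOST_PATTERNS = ["*youtube.com*", "*facebook.com*"]
URL_PATTERN = "*.exe|*.bin"

METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Constructed sample payloads (first bytes of a TCP stream).
HTTP_BLOCKED = b"GET /watch HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n"
HTTP_ALLOWED = b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"
HTTP_EXE = b"GET /files/setup.exe HTTP/1.1\r\nHost: example.org\r\n\r\n"
TLS_RECORD = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # start of a TLS handshake


def parse_http_request(payload: bytes):
    """Return (url, host) for a cleartext HTTP request, else None."""
    if not payload.startswith(METHODS):
        return None  # not HTTP, e.g. a TLS record whose first byte is 0x16
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower()
    return parts[1], host


def glob_any(value: str, pattern: str) -> bool:
    """Simplified model: '|' separates alternatives, '*' is a wildcard."""
    return any(fnmatch.fnmatchcase(value, alt) for alt in pattern.split("|"))


def would_drop(payload: bytes) -> bool:
    """True if the modelled DROP_WEB classes would match this payload."""
    req = parse_http_request(payload)
    if req is None:
        return False  # no Host header or URL visible to match on
    url, host = req
    host_hit = any(glob_any(host, p) for p in HOST_PATTERNS)
    return host_hit or glob_any(url.lower(), URL_PATTERN)
```
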
