Sign in to follow this  
Followers 0
Debasis Chowdhury

Blocking sites using NBAR

1 post in this topic

Cisco's one of the cool feature is NBAR (Network Based Application Recognition). We can easily block any site using NBAR now-a-days. Suppose we want to block youtube and facebook these two sites. We can use the following commands to accomplish this:

class-map match-any BLOCKED_SITES
match protocol http host "*youtube.com*"
match protocol http host "*facebook.com*"
!
policy-map DROP_WEB
class BLOCKED_SITES
drop
!
interface FastEthernet0/0
description Connected to the LAN
service-policy input DROP_WEB


Now suppose we want to block files having extensions .exe and .bin:

class-map match-any BLOCKED_URLS
match protocol http url "*.exe|*.bin"
!
policy-map DROP_WEB
class BLOCKED_URLS
drop
!
interface FastEthernet0/0
description Connected to the LAN
service-policy input DROP_WEB

 

OALAN#show running-config interface fa0/1
Building configuration...

Current configuration : 221 bytes
!
interface FastEthernet0/1
description OA-LAN
ip address 10.10.10.1 255.255.255.240
ip nbar protocol-discovery
ip nat inside
load-interval 30
duplex auto
speed auto
service-policy input DROP_WEB
end

OALAN#

 

After configuring the above, still user is able to open the blocked sites. Need support to close the issue.

 

My Question: How can I block website using Cisco router.

 

Thanks in advance

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0