Sadikhov IT Certification forums
Debasis Chowdhury

Blocking sites using NBAR


One of Cisco's cool features is NBAR (Network Based Application Recognition). Nowadays we can easily block any site using NBAR. Suppose we want to block these two sites: YouTube and Facebook. We can use the following commands to accomplish this:

class-map match-any BLOCKED_SITES
 match protocol http host "*youtube.com*"
 match protocol http host "*facebook.com*"
!
policy-map DROP_WEB
 class BLOCKED_SITES
  drop
!
interface FastEthernet0/0
 description Connected to the LAN
 service-policy input DROP_WEB


Now suppose we want to block files having extensions .exe and .bin:

class-map match-any BLOCKED_URLS
 match protocol http url "*.exe|*.bin"
!
policy-map DROP_WEB
 class BLOCKED_URLS
  drop
!
interface FastEthernet0/0
 description Connected to the LAN
 service-policy input DROP_WEB

 

OALAN#show running-config interface fa0/1
Building configuration...

Current configuration : 221 bytes
!
interface FastEthernet0/1
description OA-LAN
ip address 10.10.10.1 255.255.255.240
ip nbar protocol-discovery
ip nat inside
load-interval 30
duplex auto
speed auto
service-policy input DROP_WEB
end

OALAN#

 

After configuring the above, the user is still able to open the blocked sites. I need support to close the issue.

 

My question: How can I block a website using a Cisco router?

 

Thanks in advance
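
Added example, not part of the original posts and not Cisco code: a small Python model of how the two class-maps above classify traffic, useful for checking what the patterns cover before applying the policy. It assumes `*` is a wildcard, `|` separates alternatives and a pattern must cover the whole Host or URL field; the function names and the sample requests are constructed for illustration.

```python
import re

# Patterns copied from the class-maps in the post.
HOST_PATTERNS = ["*youtube.com*", "*facebook.com*"]
URL_PATTERNS = ["*.exe|*.bin"]

def to_regex(pattern):
    # Assumption: '*' is a wildcard, '|' separates alternatives, and the
    # pattern must cover the whole field, case-insensitively.
    alts = [".*".join(re.escape(part) for part in alt.split("*"))
            for alt in pattern.split("|")]
    return re.compile("(?:" + "|".join(alts) + ")", re.IGNORECASE)

def parse_request(raw):
    """Return (url, host) for a cleartext HTTP/1.x request, else None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    m = re.fullmatch(r"[A-Z]+ (\S+) HTTP/1\.[01]", head[0])
    if not m:
        return None  # no readable request line, so nothing to match on
    host = ""
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    return m.group(1), host

def classify(raw):
    """Return the matching class-map name, or None if the packet is forwarded."""
    parsed = parse_request(raw)
    if parsed is None:
        return None
    url, host = parsed
    if any(to_regex(p).fullmatch(host) for p in HOST_PATTERNS):
        return "BLOCKED_SITES"
    if any(to_regex(p).fullmatch(url) for p in URL_PATTERNS):
        return "BLOCKED_URLS"
    return None

# Constructed sample payloads (first bytes of a client-to-server flow).
SAMPLES = {
    "youtube over HTTP": b"GET /watch HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n",
    "other host containing the string": b"GET / HTTP/1.1\r\nHost: youtube.com.example.net\r\n\r\n",
    "exe download": b"GET /files/setup.exe HTTP/1.1\r\nHost: downloads.example.org\r\n\r\n",
    "plain page": b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n",
    "start of a TLS record": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:34} -> {classify(raw) or 'forwarded'}")
```

In this model the host patterns also match unrelated hosts that merely contain the string, and a flow that does not begin with a readable HTTP request line never reaches either class.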
