Blocking Websites on Cisco IOS Using NBAR

Cisco IOS has some wonderful set of features like restricting some websites access based on ACL or QOS which make use of the Layer 1, 2, 3 or 4 parameters to block/restrict. NBAR is a powerful tool of cisco which enables the IOS to do application level filtering.

Especially in scenario where customers have corporate site connected to internet via Cisco router and we want to block access to certain websites. The blocking of website becomes imperative in order to restrict employees from browsing social websites to increase productive official time. In normal practice this would be done using ACL on routers and then blocking the IP address of those particular websites. But we can use NBAR to match the websites exact address which makes it a lot user friendly.

Let us look at the configuration example –

We will first create a class-map and then use match protocol to use the NBAR.

In this example we will specifically block access to facebook.com and ‘*’ will be used to match all sub-domains of Facebook and restrict the access.

Next we create a policy-map which will use the class-map created above and will take the action on the matched address used in class-map.

The policy-map has an action of drop for all the http traffic destined for facebook.com from a site connected to internet.

Lastly we apply this policy-map on the ISP facing interface of the router.

Verification –

R1#show policy-map interface fastEthernet 0/1

Related- Cisco Blocking Website

ABOUT THE AUTHOR

Rashmi Bhardwaj

I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”

I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.

I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)