Sometimes network administrators are faced with the challenge to block social networking websites like YouTube, Facebook and Twitter. The problem here is that sites may be having dozens of Public IPs or IPs may change over the span of time which makes IP based Website blocking an unsuitable proposition. Here comes the role of Cisco blocking website. NBAR (Network-Based Application Recognition) protocol developed by Cisco can be a handy a handy feature in such a scenario. NBAR works at application layer and can match website address instead of their IP address. Below is sample configuration where Youtube.com and facebook.com websites may be blocked using NBAR mechanism –
Cisco Blocking Websites
If you want to block Facebook on the router or any other website or are wondering “How to block websites on router?” follow the following simple steps for Cisco blocking websites.
1ST STEP – CREATE CLASS MAP (SOCIAL-SITES) MATCHING THE WEBSITE NAME STRING –
R1(config-cmap)#match protocol http host “*youtube.com*”
R1(config-cmap)#match protocol http host “*Facebook.com*”
R1(config-cmap)#exit
2ND STEP – CREATE POLICY MAP (WEB-BLOCK) , CALL CLASS MAP AND INSTRUCT TO DROP TRAFFIC MATCHING THE STRINGS IN CLASS MAP –
R1(config-pmap)#class BLOCK-CLASS
R1(config-pmap-c)#drop
R1(config-pmap-c)#exit
3RD STEP – CALL THE POLICY MAP (WEB-BLOCK) ON OUTSIDE INTERFACE OF ROUTER FACING THE INTERNET –
R1(config-if)#service-policy output WEB-BLOCK
Related- HTTP vs HTTPS
Related- Blocking Website on Cisco ios using NBAR
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)
