Cisco Blocking Websites- How To Block Websites on Cisco Router?

Sometimes network administrators are faced with the challenge to block social networking websites like YouTube, Facebook and Twitter. The problem here is that sites may be having dozens of Public IPs or IPs may change over the span of time which makes IP based Website blocking an unsuitable proposition. Here comes the role of Cisco blocking website. NBAR (Network-Based Application Recognition) protocol developed by Cisco can be a handy a handy feature in such a scenario. NBAR works at application layer and can match website address instead of their IP address. Below is sample configuration where Youtube.com and facebook.com websites may be blocked using NBAR mechanism –

Cisco Blocking Websites

If you want to block Facebook on the router or any other website or are wondering “How to block websites on router?” follow the following simple steps for Cisco blocking websites.

Advertisements

1ST STEP – CREATE CLASS MAP (SOCIAL-SITES) MATCHING THE WEBSITE NAME STRING –

R1(config)#class-map match-any SOCIAL-SITES
R1(config-cmap)#match protocol http host “*youtube.com*”
R1(config-cmap)#match protocol http host “*Facebook.com*”
R1(config-cmap)#exit

2ND STEP – CREATE POLICY MAP (WEB-BLOCK) , CALL CLASS MAP AND INSTRUCT TO DROP TRAFFIC MATCHING THE STRINGS IN CLASS MAP –

R1(config)#policy-map WEB-BLOCK
R1(config-pmap)#class BLOCK-CLASS
R1(config-pmap-c)#drop
R1(config-pmap-c)#exit

3RD STEP – CALL THE POLICY MAP (WEB-BLOCK) ON OUTSIDE INTERFACE OF ROUTER FACING THE INTERNET –

R1(config)#interface GigabitEthernet 0/0
R1(config-if)#service-policy output WEB-BLOCK
Lets be aware of the fact that only HTTP sites are blocked through the above configuration. If we have websites working on HTTPS protocol, above configuration will not be able to block the sites.

Related- HTTP vs HTTPS

Related- Blocking Website on Cisco ios using NBAR

Share this:
Advertisements

Related Posts

About The Author

Add Comment

Social Media Auto Publish Powered By : XYZScripts.com