HOW TO BLOCK WEBSITES ON CISCO ROUTER

Network administrators are sometimes asked to block social networking websites such as YouTube, Facebook and Twitter. Such sites may have dozens of public IP addresses, and those addresses may change over time, which makes IP-based website blocking unsuitable. NBAR (Network Based Application Recognition), a feature developed by Cisco, is handy in such a scenario. NBAR works at the application layer and can match a website's address instead of its IP address. Below is a sample configuration that blocks youtube.com and facebook.com using NBAR:

1ST STEP – CREATE CLASS MAP (SOCIAL-SITES) MATCHING THE WEBSITE NAME STRING –

R1(config)#class-map match-any SOCIAL-SITES
R1(config-cmap)#match protocol http host "*youtube.com*"
R1(config-cmap)#match protocol http host "*facebook.com*"
R1(config-cmap)#exit

2ND STEP – CREATE POLICY MAP (WEB-BLOCK), CALL CLASS MAP AND INSTRUCT TO DROP TRAFFIC MATCHING THE STRINGS IN CLASS MAP –

R1(config)#policy-map WEB-BLOCK
R1(config-pmap)#class SOCIAL-SITES
R1(config-pmap-c)#drop
R1(config-pmap-c)#exit

3RD STEP – CALL THE POLICY MAP (WEB-BLOCK) ON OUTSIDE INTERFACE OF ROUTER FACING THE INTERNET –

R1(config)#interface GigabitEthernet 0/0
R1(config-if)#service-policy output WEB-BLOCK

Note that the above configuration blocks only HTTP sites. Websites served over HTTPS will not be blocked by it.
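
The host match and the HTTPS caveat above, modelled in Python as an added example (not Cisco code and not part of the original post). It approximates the * wildcard with fnmatch and uses constructed payloads; the function names are made up for the illustration.

```python
# Added illustration: a simplified model of the class map above, not Cisco code.
from fnmatch import fnmatchcase

# Host patterns from the SOCIAL-SITES class map (match-any: one hit is enough).
SOCIAL_SITES = ["*youtube.com*", "*facebook.com*"]


def http_host(payload: bytes):
    """Return the Host header of a cleartext HTTP request, or None."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    # A request line looks like b"GET /path HTTP/1.1"; anything else is not HTTP.
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower()
    return None


def verdict(payload: bytes, patterns=SOCIAL_SITES) -> str:
    """'drop' if the Host header matches any pattern, else 'forward'."""
    host = http_host(payload)
    if host is not None and any(fnmatchcase(host, p) for p in patterns):
        return "drop"
    return "forward"


# Constructed sample payloads (not captured traffic).
HTTP_YOUTUBE = b"GET / HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n"
HTTP_OTHER = b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
# First bytes of a TLS record (handshake, TLS 1.0 record version): the HTTP
# request and its Host header travel inside the encrypted session.
TLS_HELLO = bytes.fromhex("160301002e0100002a0303") + bytes(36)
# The leading/trailing * also matches unrelated names containing the string.
HTTP_LOOKALIKE = b"GET / HTTP/1.1\r\nHost: youtube.com.example.net\r\n\r\n"

if __name__ == "__main__":
    for name, pkt in [("http youtube", HTTP_YOUTUBE), ("http other", HTTP_OTHER),
                      ("tls hello", TLS_HELLO), ("lookalike", HTTP_LOOKALIKE)]:
        print(f"{name:13} host={http_host(pkt)!s:26} -> {verdict(pkt)}")
```

The last sample shows the wildcard also dropping an unrelated name that merely contains the string, so host patterns are worth keeping as tight as the site allows.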
