To block url on differnet vlans.

Unanswered Question


Would like to is the possibilty of blocking completley from a range of ip addresses in a vlan.

Design is something.

ASA-->Switch (L3)---->Internal users in diffrent vlans.

All the Vlans are on L3 switch.something like vlan1 on192.168.1.0/24,vlan2 on,vlan3 and so on..

None of the vlans can talk to each other as they belong to different departments,but can go to the internet and can access all the internet.

Here want to block most of the urls on say vlan3 and allow few.On rest of the VLANS don't want to restrict the urls etc.

Is this possible if going with a csc module.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Marwan ALshawi Sat, 08/30/2008 - 07:42
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

ofcource u can

as long as those VLANs have diffrent ip addressing

then u can control whos to be included in a such policy and whos not based on the source IP address

also u can achive it by using ACLs,class-map and policy map with http inspection using MPF on cisco ASA and block certain websites and u can exclude on or more subnets (vlan) or hosts based on the source IP

for example lets say u wanna exclude vlan 2 from http and url filltering and include anything else to be passed to CSC modul

access-list csc-acl deny tcp any eq www

access-list csc-acl permit tcp any any eq www

class-map csc-class

match access-list csc-acl

policy-map global_policy

class csc-class

csc fail-open

in this case evry http traffic will be passed and inspected by the CSC except vlan 2 traffic

and u can make whatever permit or deny

good luck

please, if helpful Rate


This Discussion