To block URLs on cisco 7507 router

ror.sanjeev

Hi, I have a Cisco 7507 router as Internet gateway. I need to block URLs on this. Can I do this, and how? Please tell me.


spremkumar

Hi Sanjeev

Can you clarify in which environment (SP, enterprise, etc.) you are trying to implement URL blocking?

Regards

Hi, I am trying to implement it on an enterprise network with a Cisco 7507 Internet gateway router.

In earlier responses, most of them say you can do it with the following:

class-map match-all test
 match protocol http host *youtube.com*
policy-map test
 class test
  drop

But there is no command like drop?

On this link: http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00800fc176.shtml

it is written that you can do it with set dscp 1. I have applied the same, but users are still able to open the site or URL.

Thank you very much for your cooperation.

Thanks,

-Sanjeev

If your IOS does not have the firewall feature, it won't be available, I mean the drop.

But what you might do as a workaround:

policy-map test
 class test
  set dscp 8

Then make an ACL matching source LAN and destination any eq dscp 8.

This ACL will be a deny ACL, like:

access-list 100 deny ip [lan network] any dscp 8

It is not a good way if you have QoS in your network with different marking methods, because it may overlap with marked traffic.

If you don't have QoS, you can do it like this,

but it is CPU intensive, as it is on the application layer with NBAR.

If helpful, rate.

Hi, I have tried with dscp 8 also, but it is not working; the site is still opening.

I want to block YouTube actually. Is there any specific DSCP value for this?

I have Cisco IOS 12.3(11)T3.

Thanks,

-Sanjeev

I think you have a problem with the matching statement.

Try to make it like

*youtube.com

When specifying a URL for classification, include only the portion of the URL that follows the www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/whatsnew.html, include only /latest/whatsnew.html

Within NBAR, the match protocol http c-header-field command is used to specify that NBAR identify request messages (the "c" in the c-header-field portion of the command is for client). The match protocol http s-header-field command is used to specify response messages (the "s" in the s-header-field portion of the command is for server).

Have a look at the following link:

http://www.cisco.com/en/US/docs/ios/12_4t/qos/configuration/guide/qsnbar1.html#wp1055866

Good luck.

If helpful, rate.

Hi, the following is my configuration:

class-map match-all test
 match protocol http url "*youtube.com"
!
!
policy-map test
 class test
  set dscp cs1

ip nbar protocol-discovery on the fa5/1/1 out interface.

ACLs applied:

deny ip any any dscp 8
permit ip any any log

I am getting log matches:

10 deny ip any any dscp cs1 (4031 matches)
20 permit ip any any log (50835 matches)

Still the site is opening. I am not able to block the URL. IOS version is 12.3(11)T3.

Thanks,

-Sanjeev

One more thing:

You need to apply the policy that matches and marks the traffic on the LAN interface in the input direction,

and apply the ACL in the outbound direction on the outside interface that is connected to the Internet.

good luck
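
The pieces discussed in this thread assembled into one mark-and-drop configuration, as an added example that is not part of any poster's reply. Assumptions: FastEthernet0/0 is a placeholder for the LAN-facing interface (the thread does not name it), FastEthernet5/1/1 is the outside interface mentioned above, ACL number 100 is reused from the earlier reply, and the `host` match from the first configuration in the thread is used because the hostname is what is being matched.

```cisco
! Added example; interface FastEthernet0/0 is a placeholder, not from the thread.
!
! 1. Classify HTTP requests by hostname with NBAR.
class-map match-all test
 match protocol http host *youtube.com*
!
! 2. Mark the classified packets. cs1 is DSCP 8, the value used in the thread.
!    Pick a value no other QoS policy on this router already uses.
policy-map test
 class test
  set dscp cs1
!
! 3. Attach the marking policy where client traffic enters the router
!    (LAN side, input direction).
interface FastEthernet0/0
 service-policy input test
!
! 4. Drop anything carrying the mark, permit the rest.
access-list 100 deny ip any any dscp cs1
access-list 100 permit ip any any
!
! 5. Apply the ACL outbound on the Internet-facing interface.
interface FastEthernet5/1/1
 ip access-group 100 out
!
! Checks after applying:
!   show policy-map interface FastEthernet0/0   (class "test" packet counters)
!   show access-lists 100                       (deny entry match counters)
```

NBAR's `match protocol http` only classifies cleartext HTTP, so HTTPS sessions to the same site are never marked and pass the ACL. If the class counters stay at zero while the site loads, the service policy is attached to the wrong interface or direction, or the match string does not fit the requested hostname.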
