urlfiltering for certain IP addresses only?

Unanswered Question
Mar 27th, 2009

Hi, I have urlfiltering enabled on a Cisco 877W but would like to know if it's possible to enable the functionality for only certain IP Addresses. Basically I have a /25 subnetted client that requires access to be restricted for only 12 of their workstations and normal http access for the rest of the segment. I am not sure if urlfiltering is ideal for this situation or not. Any help is appreciated.

Thanks. Sample running-config attached.


Cisco 877W w/ IOS 124-15.T8 Advanced IP Services.



srue Fri, 03/27/2009 - 11:44

I don't see any way to do this using the inspect or urlfilter commands...

Create a loopback and policy route the people to be urlfiltered through the loopback. Apply the inspection policy on the loopback.

In ASA/PIX you can control who gets urlfiltered pretty easily.

peter-cco Mon, 03/30/2009 - 11:40

Can you give an example of how I might do this? Do I create a new IP address with the Loopback interface and then tell the clients to change their gateway to the Loopback address?

srue Wed, 04/01/2009 - 09:07

1. Create loopback interface with private IP

interface loopback 0
 ip address 192.168.1.1 255.255.255.0

2. Create a route-map to policy route traffic from the IPs you want filtered

access-list 1 permit 10.1.1.1
access-list 1 permit 10.0.1.0 0.0.0.255
route-map pbr
 match ip address 1
 set interface loopback 0

3. Apply route-map to incoming interface

int eth0/0
 ip policy route-map pbr

4. Apply filter policy to loopback interface.

int loopback0
 ip inspect urlfilter in


w/o seeing your current config, here ya go.


clients shouldn't need to change anything.
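
In the policy-routing setup above, access-list 1 alone decides which hosts are sent through the inspected loopback, so a wildcard mask that is too narrow leaves a workstation unfiltered and one that is too wide filters hosts that should have normal access. The following Python check is an added example, not part of the thread: it evaluates a numbered standard ACL the way IOS does (first match wins, implicit deny) against every host in the subnet. The /25, the 12-host range and the ACL lines are constructed sample values.

```python
import ipaddress

def parse_standard_acl(config, number):
    """Extract (action, address, wildcard) integer tuples for one numbered standard ACL."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[1] != str(number):
            continue
        action, rest = tok[2], [t for t in tok[3:] if t != "log"]
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif rest[0] == "host":
            addr, wild = int(ipaddress.IPv4Address(rest[1])), 0
        else:  # "A.B.C.D [wildcard]"; a missing wildcard means a single host
            addr = int(ipaddress.IPv4Address(rest[0]))
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def acl_permits(entries, host):
    """First match wins; wildcard bits set to 1 are ignored; implicit deny at the end."""
    h = int(ipaddress.IPv4Address(host))
    for action, addr, wild in entries:
        if (h | wild) == (addr | wild):
            return action == "permit"
    return False

def audit(config, number, subnet, intended):
    """Return (unfiltered, overfiltered): intended hosts the ACL misses, extra hosts it catches."""
    entries = parse_standard_acl(config, number)
    matched = {str(h) for h in ipaddress.ip_network(subnet).hosts()
               if acl_permits(entries, str(h))}
    key = ipaddress.IPv4Address
    return sorted(set(intended) - matched, key=key), sorted(matched - set(intended), key=key)

# Constructed sample: a /25 with 12 workstations (.16 to .27) that must be URL-filtered.
SUBNET = "10.1.1.0/25"
INTENDED = [f"10.1.1.{n}" for n in range(16, 28)]
TOO_WIDE = "access-list 1 permit 10.1.1.16 0.0.0.15\n"   # matches .16 to .31
EXACT = ("access-list 1 permit 10.1.1.16 0.0.0.7\n"      # .16 to .23
         "access-list 1 permit 10.1.1.24 0.0.0.3\n")     # .24 to .27

if __name__ == "__main__":
    for name, cfg in (("too wide", TOO_WIDE), ("exact", EXACT)):
        unfiltered, overfiltered = audit(cfg, 1, SUBNET, INTENDED)
        print(f"{name}: bypass filter={unfiltered} filtered by mistake={overfiltered}")
```

Hosts in the first returned list would bypass the URL filter; hosts in the second would be filtered although they should have normal HTTP access.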
