urlfiltering for certain IP addresses only?

peter-cco · ‎03-27-2009

Hi, I have urlfiltering enabled on a Cisco 877W but would like to know if it's possible to enable the functionality for only certain IP Addresses. Basically I have a /25 subnetted client that requires access to be restricted for only 12 of their workstations and normal http access for the rest of the segment. I am not sure if urlfiltering is ideal for this situation or not. Any help is appreciated.

Thanks. Sample running-config attached.

Cisco 877W w/ IOS 124-15.T8 Advanced IP Services.

srue · ‎03-27-2009

i dont see any way to do this using the inspect or urlfilter commands...

create a loopback and policy route the people to be urlfiltered through the loopback. apply the inspection policy on the loopback.

in ASA/pix you can control who gets urlfiltered pretty easily.

peter-cco · ‎03-30-2009

Can you give an example of how I might do this? Do I create a new IP address with the Loopback interface and then tell the clients to change their gateway to the Loopback address?

srue · ‎04-01-2009

1. create loopback interface with private IP

interface loopback 0

ip address 192.168.1.1 255.255.255.0

2. create a route-map to policy route traffic from the IP's you want filtered

access-list 1 permit 10.1.1.1

access-list 1 permit 10.0.1.0 0.0.0.255

route-map pbr

match ip address 1

set interface loopback 0

3. apply route-map to incoming interface

int eth0/0

ip policy route-map pbr

4. apply filter policy to loopback interface.

int loopback0

ip inspect urlfilter in

w/o seeing your current config, here ya go.

clients shouldn't need to change anything.