03-27-2009 11:22 AM - edited 03-09-2019 10:10 PM
Hi, I have urlfiltering enabled on a Cisco 877W but would like to know if it's possible to enable the functionality for only certain IP Addresses. Basically I have a /25 subnetted client that requires access to be restricted for only 12 of their workstations and normal http access for the rest of the segment. I am not sure if urlfiltering is ideal for this situation or not. Any help is appreciated.
Thanks. Sample running-config attached.
Cisco 877W w/ IOS 124-15.T8 Advanced IP Services.
03-27-2009 11:44 AM
i dont see any way to do this using the inspect or urlfilter commands...
create a loopback and policy route the people to be urlfiltered through the loopback. apply the inspection policy on the loopback.
in ASA/pix you can control who gets urlfiltered pretty easily.
03-30-2009 11:40 AM
Can you give an example of how I might do this? Do I create a new IP address with the Loopback interface and then tell the clients to change their gateway to the Loopback address?
04-01-2009 09:07 AM
1. create loopback interface with private IP
interface loopback 0
ip address 192.168.1.1 255.255.255.0
2. create a route-map to policy route traffic from the IP's you want filtered
access-list 1 permit 10.1.1.1
access-list 1 permit 10.0.1.0 0.0.0.255
route-map pbr
match ip address 1
set interface loopback 0
3. apply route-map to incoming interface
int eth0/0
ip policy route-map pbr
4. apply filter policy to loopback interface.
int loopback0
ip inspect urlfilter in
w/o seeing your current config, here ya go.
clients shouldn't need to change anything.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: