acl mac, blocking msn, yahoo, gtalk, youtube etc etc

Antonio Brandao
Level 1

Hi All,

I have a Cisco 2800 router and I would like to create an ACL to block stations from accessing YouTube, Messenger, Yahoo, bullshits like that.

But using their mac address.

Can somebody help with that?

AB

1 Reply

Ganesh Hariharan
VIP Alumni

Hi Antonio,

The router needs to block web site traffic which is originating from the LAN. To do this, we need at least one DNS server configured on the router. To configure a DNS server, use the ip name-server command. Here's an example:

Router(config)# ip name-server 1.1.1.1 2.2.2.2

Router(config)# access-list 101 deny tcp any host www.badsite.com eq www
Translating "www.badsite.com"...domain server (1.1.1.1) [OK]
Router(config)# ! To allow all other web traffic
Router(config)# access-list 101 permit tcp any any eq www

This ACL denies all Web traffic from any source going to the specified Web site. After blocking that traffic, it will also allow all other Web traffic from any source to any destination. Finally, because of the implied deny, it will deny all other traffic.

Just because we've created the ACL doesn't mean the router is actually using it—we still have to apply the ACL. We created this ACL with the assumption that it's blocking traffic from our local LAN that's going out to the WAN (i.e., the Internet). That's because we formatted the ACL with source then destination.

Because of this design, we need to apply the ACL in the OUTBOUND direction on the router. Here's an example:

Router(config)# int serial 0/0
Router(config-if)# ip access-group 101 out

Hope that helps with your query!!

If helpful do rate the valuable post.

Regards

Ganesh.H
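
An added illustration, not part of the reply above and not Cisco code: a small Python model of how ACL 101 is evaluated against outbound packets (first matching line wins, then the implicit deny). The resolved address 203.0.113.10 and the sample packets are constructed, and the model assumes the router stores the address returned by the "Translating" lookup at configuration time rather than the hostname.

```python
import ipaddress

# Constructed stand-in for the address www.badsite.com resolved to when the
# ACL line was entered (documentation range, not a real lookup).
BADSITE_IP = "203.0.113.10"

# ACL 101 as modelled here: (action, protocol, source, destination, dst port)
ACL_101 = [
    ("deny", "tcp", "any", BADSITE_IP, 80),
    ("permit", "tcp", "any", "any", 80),
]

def _addr_matches(rule_addr, addr):
    """'any' matches everything; otherwise compare as host addresses."""
    return rule_addr == "any" or ipaddress.ip_address(rule_addr) == ipaddress.ip_address(addr)

def evaluate(acl, proto, src, dst, dport):
    """Return (action, matched line number); line None means the implicit deny."""
    for n, (action, r_proto, r_src, r_dst, r_port) in enumerate(acl, start=1):
        if (r_proto == proto and _addr_matches(r_src, src)
                and _addr_matches(r_dst, dst) and r_port == dport):
            return action, n
    return "deny", None

# Constructed sample packets leaving the LAN through the interface with ACL 101 applied out.
PACKETS = [
    ("HTTP to blocked site", "tcp", "192.168.1.20", BADSITE_IP, 80),
    ("HTTP to other site", "tcp", "192.168.1.20", "198.51.100.7", 80),
    ("HTTPS to blocked site", "tcp", "192.168.1.20", BADSITE_IP, 443),
    ("DNS query", "udp", "192.168.1.20", "1.1.1.1", 53),
    ("HTTP, site moved to new IP", "tcp", "192.168.1.20", "203.0.113.99", 80),
]

def run():
    """Evaluate every sample packet and return {label: (action, line)}."""
    return {label: evaluate(ACL_101, p, s, d, port) for label, p, s, d, port in PACKETS}

if __name__ == "__main__":
    for label, (action, line) in run().items():
        where = f"line {line}" if line else "implicit deny"
        print(f"{label:30} {action:6} ({where})")
```

In this model the implicit deny also drops DNS and HTTPS, and an HTTP request to the same site at a different address is permitted by line 2.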
