03-27-2009 11:22 AM - edited 03-09-2019 10:10 PM
Hi, I have urlfiltering enabled on a Cisco 877W but would like to know if it's possible to enable the functionality for only certain IP Addresses. Basically I have a /25 subnetted client that requires access to be restricted for only 12 of their workstations and normal http access for the rest of the segment. I am not sure if urlfiltering is ideal for this situation or not. Any help is appreciated.
Thanks. Sample running-config attached.
Cisco 877W w/ IOS 124-15.T8 Advanced IP Services.
03-27-2009 11:44 AM
i dont see any way to do this using the inspect or urlfilter commands...
create a loopback and policy route the people to be urlfiltered through the loopback. apply the inspection policy on the loopback.
in ASA/pix you can control who gets urlfiltered pretty easily.
03-30-2009 11:40 AM
Can you give an example of how I might do this? Do I create a new IP address with the Loopback interface and then tell the clients to change their gateway to the Loopback address?
04-01-2009 09:07 AM
1. create loopback interface with private IP
interface loopback 0
ip address 192.168.1.1 255.255.255.0
2. create a route-map to policy route traffic from the IP's you want filtered
access-list 1 permit 10.1.1.1
access-list 1 permit 10.0.1.0 0.0.0.255
route-map pbr
match ip address 1
set interface loopback 0
3. apply route-map to incoming interface
int eth0/0
ip policy route-map pbr
4. apply filter policy to loopback interface.
int loopback0
ip inspect urlfilter in
w/o seeing your current config, here ya go.
clients shouldn't need to change anything.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide