I think using an IP address ACL is not possible because, as far as I know, YouTube shares the same IP address range with Google and maybe even Gmail, which must remain allowed.
I am applying the policy-map to the default gateway interface.
I saw in another post that NBAR doesn't work when applied to subinterfaces. I tried that on a 2911 and it displayed an error to confirm it; with the 2921, however, there was no error message. Even so, I used the suggested workaround, which was using the NBAR policy as a child inside a parent policy.
I used the "show policy-map interface g0/0.10" command and there were some matches for the Youtube-Class class-map at the input.
Besides, I noticed that sometimes YouTube was blocked (while other sites remained open), but sometimes it was still accessible without any changes.
Anyway, I'll try as Basileios says and see how it works.
Paolo, you pointed out that you meant an IP address ACL... Just out of curiosity, is there another kind of ACL besides IP and MAC? (Those are all I know.)
And finally... could somebody explain to me how the "match protocol youtube" command works?
As far as I know, YouTube doesn't use any particular protocol other than HTTP.
Is there a difference between using "match protocol youtube" and a combination of "match protocol http" with a filter on the URL *.youtube.com?
I ask this because the second one is what I was using before, until I noticed that accessing YouTube was still possible just by changing the "http" protocol to "https" in the browser window. And the same thing happens when using the "match protocol youtube" command: sometimes it blocks "http://www.youtube.com/..." but it never blocks "https://www.youtube.com/".
Would this be easier with an ASA firewall? Maybe I'm just trying to set up a feature on the wrong device. Would it be possible to filter specific DNS queries? (Just for some users, while others still have access.)
Does NBAR actually block the site? I would expect it only to block the video content apps. There is probably a much easier way to simply block the domain name. But then I suppose the NBAR would also pick up on other sites with embedded YouTube vids which might not match the domain filter.
Using an ASA to block https://www.youtube.com is not going to solve the problem. An ASA is unable to inspect encrypted traffic.
One alternative is to use a site like whois to find out all the IP addresses used by YouTube. Then write an ACL to block all these IP addresses. This will also block HTTPS traffic. However, this can be a big task if YouTube keeps registering new addresses for their site.
The simplest solution would be to install a proxy server. Direct all Internet traffic through this server. Then create a rule on this server to block YouTube.
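
Added example, not part of the thread: a Python sketch of the "look up the prefixes, then write an ACL" approach, which collapses overlapping or adjacent prefixes and emits IOS extended-ACL lines with wildcard masks. The ACL name and the prefixes are assumptions (RFC 5737 documentation ranges, not real YouTube addresses); as the first post notes, shared Google ranges mean such an ACL can also block services that must stay reachable.

```python
import ipaddress

# Constructed sample prefixes (RFC 5737 documentation ranges), standing in for
# whatever a whois lookup returns; they are NOT real YouTube addresses.
SAMPLE_PREFIXES = [
    "192.0.2.0/25",
    "192.0.2.128/25",    # adjacent to the one above, merges into 192.0.2.0/24
    "198.51.100.0/24",
    "198.51.100.64/26",  # already covered by the /24 above
    "203.0.113.7/32",    # single host
]


def build_block_acl(prefixes, name="BLOCK-VIDEO"):
    """Return IOS extended-ACL lines that deny traffic to the given prefixes.

    `name` is a hypothetical ACL name. Overlapping and adjacent prefixes are
    collapsed first so the ACL stays as short as possible.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    v4 = [n for n in nets if n.version == 4]  # this sketch builds an IPv4 ACL only
    lines = [f"ip access-list extended {name}"]
    for net in ipaddress.collapse_addresses(v4):
        if net.prefixlen == 32:
            dst = f"host {net.network_address}"
        else:
            # hostmask is the inverse of the netmask, i.e. the IOS wildcard mask
            dst = f"{net.network_address} {net.hostmask}"
        lines.append(f" deny ip any {dst}")
    # Everything not listed stays reachable (overrides the implicit deny).
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    print("\n".join(build_block_acl(SAMPLE_PREFIXES)))
```

Because the deny entries match on destination address rather than payload, they apply to HTTP and HTTPS alike; the list has to be regenerated whenever the published prefixes change.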