Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1246
Views
0
Helpful
2
Replies

Block URL by Schedule

Go to solution
peter_hancox
Level 1
Level 1

‎02-25-2011 10:37 PM - edited ‎03-11-2019 12:57 PM

Have configured IOS on CISCO1811W-AG-N/K9 to block social networks such as Facebook using NBAR.

I would like this blocking to only occur during a certain time period.  i.e., I only want to block access to social networks during business hours.  Can anyone recommend how I should do this on the Cisco 1811W with IOS 15.1?

Are there any guides to best practices when it comes to implementing URL filtering using IOS?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
PAUL GILBERT ARIAS
Level 5
Level 5

‎02-26-2011 06:09 AM

If you can add an ACL to your block policy then maybe there is a possibility with time-based ACLs. I am not sure if you can add an ACL.

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful
2 Replies 2

Go to solution
PAUL GILBERT ARIAS
Level 5
Level 5

‎02-26-2011 06:09 AM

If you can add an ACL to your block policy then maybe there is a possibility with time-based ACLs. I am not sure if you can add an ACL.

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
peter_hancox
Level 1
Level 1
In response to PAUL GILBERT ARIAS

‎02-26-2011 05:46 PM

Thanks Paul, that was just the pointer I needed.  I don't do much IOS

programming, and though I thought there was a concept of time-based ACL, couldn't

find the correct keywords to search on.  I have now and that was just

what I needed.

I have posted an extract from my test "startup-config" in the hope it assists others trying to solve the same problem.  Also welcome any suggested improvements.  Perhaps routing the URL to a page saying the site is blocked at this time rather than simply dropping the packets.

REGARDS

ip access-list standard UnrestrictedNodes
 permit host 192.168.xxx.abc
 permit host 192.168.xxx.def

class-map match-any UnrestrictedNodes
 match access-group name UnrestrictedNodes

class-map match-any SocialNetworks
 match protocol http host "*facebook*"

time-range DenySocialNetworks
 periodic weekdays 08:00 to 17:00

ip access-list extended DenySocialNetworksSchedule
 permit ip any any time-range DenySocialNetworks

class-map match-all DenySocialNetworksSchedule
 match access-group name DenySocialNetworksSchedule
 match class-map SocialNetworks

policy-map DenySocialNetworks
 class UnrestrictedNodes
  no drop
 class DenySocialNetworksSchedule
  drop

interface BVI1
 service-policy input DenySocialNetworks
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card