02-25-2011 10:37 PM - edited 03-11-2019 12:57 PM
Have configured IOS on CISCO1811W-AG-N/K9 to block social networks such as Facebook using NBAR.
I would like this blocking to only occur during a certain time period. i.e., I only want to block access to social networks during business hours. Can anyone recommend how I should do this on the Cisco 1811W with IOS 15.1?
Are there any guides to best practices when it comes to implementing URL filtering using IOS?
Thanks.
Solved! Go to Solution.
02-26-2011 06:09 AM
If you can add an ACL to your block policy then maybe there is a possibility with time-based ACLs. I am not sure if you can add an ACL.
Sent from Cisco Technical Support iPhone App
02-26-2011 06:09 AM
If you can add an ACL to your block policy then maybe there is a possibility with time-based ACLs. I am not sure if you can add an ACL.
Sent from Cisco Technical Support iPhone App
02-26-2011 05:46 PM
Thanks Paul, that was just the pointer I needed. I don't do much IOS
programming, and though I thought there was a concept of time-based ACL, couldn't
find the correct keywords to search on. I have now and that was just
what I needed.
I have posted an extract from my test "startup-config" in the hope it assists others trying to solve the same problem. Also welcome any suggested improvements. Perhaps routing the URL to a page saying the site is blocked at this time rather than simply dropping the packets.
REGARDS
ip access-list standard UnrestrictedNodes
permit host 192.168.xxx.abc
permit host 192.168.xxx.def
class-map match-any UnrestrictedNodes
match access-group name UnrestrictedNodes
class-map match-any SocialNetworks
match protocol http host "*facebook*"
time-range DenySocialNetworks
periodic weekdays 08:00 to 17:00
ip access-list extended DenySocialNetworksSchedule
permit ip any any time-range DenySocialNetworks
class-map match-all DenySocialNetworksSchedule
match access-group name DenySocialNetworksSchedule
match class-map SocialNetworks
policy-map DenySocialNetworks
class UnrestrictedNodes
no drop
class DenySocialNetworksSchedule
drop
interface BVI1
service-policy input DenySocialNetworks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: