Without actually seeing the

Ricky Sandhu · ‎05-04-2017

Good morning, I have a class-map called CLS-BLOCKED-CONTENT that identifies Netflix, Hulu and other undesirable traffic. I also have another class-map called CLS-RESTRICTED-CONTENT that identifies traffic such as YouTube etc. I have a policy map called POL-CONTENT-FILTER that drops traffic that matches against the CLS-BLOCKED-CONTENT and polices the traffic for CLS-RESTRICTED-CONTENT to 2Mbps.

I have a Cisco router with GigabitEthernet0/0 facing the WAN and GigabitEthernet0/1 facing the LAN.

My question is, on what interface and in which direction should the service policy POL-CONTENT-FILTER should be applied to in order to achieve optimal results?

Thank you

Collin Clark · ‎05-04-2017

Without actually seeing the policy, I would say the best place to apply would be internet facing edge port.

HTH

Ricky Sandhu · ‎05-04-2017

Hi Collin, below is the configuration. If I apply it to internet facing port (Gig0/0), I'm assuming this will be applied on the inbound direction correct? Would the router still be able to see inside HTTPS traffic with NBAR2?

class-map match-any CLS-RESTRICTED-CONTENT
match protocol internet-audio-streaming
match protocol internet-video-streaming
match protocol itunes-audio
match protocol ppstream
match protocol pptv
match protocol whatsapp
match protocol youtube

!

class-map match-any CLS-BLOCKED-CONTENT
match protocol edonkey
match protocol gnutella
match protocol bittorrent
match protocol fasttrack
match protocol kazaa2
match protocol irc
match protocol bittorrent-networking
match protocol encrypted-bittorrent
match protocol edonkey-static
match protocol hulu
match protocol netflix
match protocol amazon-instant-video
match protocol itunes-video

!

policy-map POL-CONTENT-FILTER
class CLS-BLOCKED-CONTENT
drop
class CLS-RESTRICTED-CONTENT
police 2000000 1000 conform-action transmit exceed-action drop

!

Apply service policy inbound or outbound?