http url filtering on ISR 4000 series router

xidasd
Level 1

Hello, I tried to configure HTTP URL filtering on an ISR 4321 router as I did on the 2911 router. But it seems that some commands are missing, and other methods to filter URLs that work on the 2911 router do not work on the ISR 4321 router.

 

ADV-R(config-cmap)#match protocol http
ADV-R(config-cmap)#match protocol http url
ADV-R(config-cmap)#match protocol http url ?
WORD Enter a string as the sub-protocol parameter

ADV-R(config-cmap)#match protocol http url *test*
ADV-R(config-cmap)#exit
ADV-R(config)#policy-map
ADV-R(config)#policy-map url-block
ADV-R(config)#policy-map url-block
% A policy with the same name of inspect type already exists
ADV-R(config)#
ADV-R(config)#no policy-map url-block
ADV-R(config)#policy-map
ADV-R(config)#policy-map url-block
ADV-R(config)#policy-map url-block
ADV-R(config-pmap)#
ADV-R(config-pmap)#
ADV-R(config-pmap)#class url-block
ADV-R(config-pmap)#class url-block
ADV-R(config-pmap-c)#drop
ADV-R(config-pmap-c)#drop
^
% Invalid input detected at '^' marker.

ADV-R(config-pmap-c)#drop
ADV-R(config-pmap-c)#drop

 

The "drop" command is missing. Is there another way to configure URL filtering on the ISR 4000 series?

 

 

P.S. I also tried to configure a QoS policy with conform-action set to drop, but it seems that URL classification does not work for QoS.

Accepted Solution

xidasd
Level 1

This configuration works well. 

I forgot to use "host" instead of "URL" 

class-map url
match protocol http host *www.cisco.com*
exit
policy-map url-block
class url
police cir per 20 conform-action drop exceed-action drop violate-action drop
exit
int g0/0/1
service-policy input url-block
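
Added example (not part of the original post and not Cisco code): a small Python model of why the "host" keyword matched where "url" did not. It assumes "url" is compared against the request target, "host" against the Host header, and "*" acts as a simple case-insensitive wildcard; the function names and sample requests are constructed for illustration.

```python
from fnmatch import fnmatchcase

def http_fields(raw: bytes) -> dict:
    """Split one cleartext HTTP/1.x request into the two fields the
    class-maps on this page test: 'url' (request target) and 'host'."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("not an HTTP/1.x request line")
    host = ""
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip()
            break
    return {"url": parts[1], "host": host}

def classify(raw: bytes, field: str, pattern: str) -> bool:
    """Model of 'match protocol http <field> <pattern>'.
    Assumption: '*' is a shell-style wildcard compared case-insensitively;
    the router's real matcher is not reproduced here."""
    try:
        value = http_fields(raw)[field]
    except ValueError:
        return False  # non-HTTP bytes (e.g. TLS) expose no such field
    return fnmatchcase(value.lower(), pattern.lower())

# Constructed sample traffic (not captured from a real network).
REQ_SITE = b"GET /index.html HTTP/1.1\r\nHost: www.cisco.com\r\n\r\n"
REQ_PATH = b"GET /test/page HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
TLS_BYTES = b"\x16\x03\x01\x00\x05hello"  # start of a TLS record, no HTTP text

def demo() -> dict:
    """Run the page's two patterns against both fields of each sample."""
    return {
        "site/host": classify(REQ_SITE, "host", "*www.cisco.com*"),
        "site/url": classify(REQ_SITE, "url", "*www.cisco.com*"),
        "path/url": classify(REQ_PATH, "url", "*test*"),
        "path/host": classify(REQ_PATH, "host", "*test*"),
        "tls/host": classify(TLS_BYTES, "host", "*www.cisco.com*"),
    }

if __name__ == "__main__":
    for case, matched in demo().items():
        print(f"{case:10s} -> {'match' if matched else 'no match'}")
```

In this model a hostname pattern only matches on the "host" field, a path pattern only on the "url" field, and bytes that are not cleartext HTTP match neither.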

 


balaji.bandi
Hall of Fame

Can you post show version and show license for both the kits?

BB


ADV-R#show license
Index 1 Feature: appxk9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 2 Feature: uck9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 3 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 4 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 5 Feature: FoundationSuiteK9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: AdvUCSuiteK9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 7 Feature: cme-srst
Period left: 3 weeks 5 days
Period Used: 4 weeks 5 days
License Type: EvalRightToUse
License State: Active, In Use
License Count: 6/0 (In-use/Violation)
License Priority: Low
Index 8 Feature: hseck9
Index 9 Feature: throughput
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 10 Feature: internal_service

ADV-R#
ADV-R#show version
ADV-R#show version
Cisco IOS XE Software, Version 16.08.01
Cisco IOS Software [Fuji], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.8.1, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Tue 27-Mar-18 13:43 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2018 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: IOS-XE ROMMON

ADV-R uptime is 1 day, 18 hours, 39 minutes
Uptime for this control processor is 1 day, 18 hours, 42 minutes
System returned to ROM by Reload Command at 14:31:49 KST Mon Feb 1 2021
System restarted at 14:36:29 KST Mon Feb 1 2021
System image file is "bootflash:isr4300-universalk9.16.08.01.SPA.bin"
Last reload reason: Reload Command

 

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

 

Suite License Information for Module:'esg'

--------------------------------------------------------------------------------
Suite Suite Current Type Suite Next reboot
--------------------------------------------------------------------------------
FoundationSuiteK9 None None None
securityk9
appxk9

AdvUCSuiteK9 None None None
uck9
cme-srst
cube


Technology Package License Information:

-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
appxk9 None None None
uck9 uck9 Permanent uck9
securityk9 securityk9 Permanent securityk9
ipbase ipbasek9 Permanent ipbasek9

cisco ISR4321/K9 (1RU) processor with 1788457K/6147K bytes of memory.
Processor board ID FDO2241A2GG
2 Gigabit Ethernet interfaces
2 Serial interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3125247K bytes of flash memory at bootflash:.
0K bytes of WebUI ODM Files at webui:.

Configuration register is 0x2102

 
