Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1797
Views
0
Helpful
5
Replies

RV215W don´t block sites

Osvaldo Galicia
Level 1
Level 1

‎07-28-2015 09:03 AM

Helllo

i have a RV215W and i have already set a internet access policy to block keywords and sites like facebook, etc but, i can still visit those pages and search for the keywords without being blocked.

Labels:
0 Helpful
5 Replies 5

kevyen
Cisco Employee
Cisco Employee

‎08-13-2015 09:55 AM

Hello Osvaldo Galicia,

Thank you for using the Cisco Small Business forums! My name is Kevin, I am an eContent developer and I am part of the Small Business Support Community. The reason why you are not able to block certain websites like Facebook is because the URL filtering mechanism is limited to keyword and looks at http only. The next option that you can do is to block the sites' IP address but Facebook uses multitude of IP addresses so to block websites like Facebook, you would need to control the DNS request phase of the browsing rather than trying to stop specific traffic at layer 3.

One way you can do this is:

1. You can create an account at https://www.opendns.com.

2. After that, you would want to set up your filtering.

3. Set the DHCP to hand out the DNS server address from Open DNS

4. Create ACLs to allow port 53 to the Open DNS servers

5. Create ACL to block port 53 to ANY

These ACLs prevent the user from using a manually-entered DNS to circumvent the filtering.

 

I hope this helps! I hope you reply back with any questions or concerns.

*Please mark the question as Answered or rate it so other users can benefit from it*

Sincerely,

Kevin Yen

Cisco eContent Developer

0 Helpful

beda.sandor
Level 1
Level 1
In response to kevyen

‎09-29-2015 02:31 PM

Dear Kevin,

 

can you please let me know how to do it on the RV215W?

 

Thanks

Sandor

0 Helpful

kevyen
Cisco Employee
Cisco Employee
In response to beda.sandor

‎09-30-2015 12:10 PM

Hello Sandor, 

 

I have typed out a couple steps that may help you configure your RV215W with Open DNS. You can follow these steps and see if it works for you. These steps are assuming that you have an account with Open DNS and you have configured your settings on the Open DNS website. 

 

Step 1. Log in to the web configuration of your router and navigate to Networking > LAN > LAN Configuration. In the DNS server drop-down list, choose Use DNS as Below. Then you would want to go to the static DNS 1 field and put in the DNS server address of the Open DNS which is 208.67.222.222. Then Click Save. 

Step 2. Before we go on, you must check to see if your DNS is on port 53. To do this, you would want to navigate to Firewall > Service Management and check if the DNS is on port 53. If not then you want to edit the DNS to start port 53 and end port 53. After that, navigate to Firewall > Access Rules, then click Add Row and go to Services field and choose DNS. In the Destination IP drop-down list, click Single Address and in the Start field type in the Open DNS IP Address which is 208.67.222.222 In the Rule Status, check the enable check box to enable the rule status. Then click Save

Step 3. Go to your command prompt and type in ipconfig /all and check for the Open DNS servers IP address which should be under Ethernet adapter Local Area Connection if you are using Ethernet cable. Make sure the DNS server is 208.67.222.222

Step 4. If your DNS server is not 208.67.222.222, then in the command prompt type in ipconfig /renew, then ipconfig /flushdns and then close your command prompt and reopen it and type ipconfig /all and check again to see if the dns server is 208.67.222.222

Step 5. In the Command Prompt, you can also type nslookup to look up your DNS server IP address.

Step 6. Add another row in the Access Rules. In the Action drop-down list, select Always allow. In the Service drop-down list, choose DNS. In the Destination IP drop-down list, choose Single Address and put 208.67.222.222 and then enable the rule status, then press Save. After that you want to reorder it so that the Always allow is on the top and the Always block is at the bottom. This is so you can access the web pages that aren’t block. If it was the other way around, you won’t be able to access any pages. 

 

Let me know if this works for you or not. 

 

Sincerely, 
Kevin Yen

Cisco eContent Developer

0 Helpful

beda.sandor
Level 1
Level 1
In response to kevyen

‎10-01-2015 01:28 PM

Dear Kevin,

 

thanks for your very quick response!

Unfortunately I was not able to succeed.

Please find attached a file with screenshots and check if settings are ok.
 

Thanks

Sandor

Preview file
222 KB
0 Helpful

kevyen
Cisco Employee
Cisco Employee
In response to beda.sandor

‎10-05-2015 02:54 PM

Hello Sandor,

 

Sorry for the late response, can I see your OpenDNS configuration?

I retested the configuration of my steps and I know I told you to add "Allows Block, DNS, 208.67.222.222" but you can actually delete that since it's not needed.

Have you tried clearing your history and cookies? If not, can you try that and see if you can access that page? I would wait a few minutes before you try to access Facebook to ensure that the settings has taken effect. When I was testing it, I tried it right away and it didn't work so I waited a few minutes and tried it on a different browser and it worked. Then I went back to my current browser and cleared my history, cookies, cache... etc. and it blocked Facebook for me.

 

 

Sincerely,

Kevin Yen

Cisco eContent Developer

0 Helpful
Customers Also Viewed These Support Documents