Solved: Cannot block access to youtube

Abdullah Net · ‎01-22-2013

Hello there,

I have been trying for a while to block access to both youtube.com and torrent connections. Lately, i have been successful with blocking torrent connections but blocking youtube does not seem to work although i have the right commands.

My config

hostname Internet_Router

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$/nHD$yvyxg0xJcN2NDAmArp1yK1

!

no aaa new-model

!

ip name-server 62.215.6.51

multilink bundle-name authenticated

!

class-map match-all torrent

match protocol bittorrent

class-map match-any youtube

match protocol http host "*youtube.com*"

match protocol http host "www.youtube.com"

match protocol http host "youtube"

match protocol http url "www.youtube.com"

match protocol http url "*youtube*"

match protocol http url "*youtube.com*"

class-map match-all v40

match any

match access-group 140

class-map match-all v80

match any

match access-group 180

!

policy-map torrent.drop

class torrent

drop

policy-map youtube.drop

class youtube

drop

policy-map vlans.limit

class v40

police cir 3500000 bc 1500000

conform-action transmit

exceed-action drop

service-policy youtube.drop

class v80

police cir 2500000 bc 1000000

conform-action transmit

exceed-action drop

service-policy torrent.drop

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description ISP_WAN_INTERFACE

no ip address

load-interval 600

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface GigabitEthernet0/1

description LAN_INTERFACE

ip address 192.168.1.1 255.255.255.0

ip nbar protocol-discovery

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

load-interval 600

duplex auto

speed auto

service-policy output vlans.limit

!

interface Dialer1

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly in

encapsulation ppp

load-interval 60

dialer pool 1

ppp authentication pap callin

ppp pap sent-username 14356861 password 0 14356861

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 1 interface Dialer1 overload

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 192.168.40.0 255.255.255.0 192.168.1.2

ip route 192.168.80.0 255.255.255.0 192.168.1.2

!

access-list 1 permit 192.168.0.0 0.0.255.255

access-list 140 permit ip any 192.168.40.0 0.0.0.255 time-range DayHours

access-list 180 permit ip any 192.168.80.0 0.0.0.255 time-range DayHours

!

control-plane

!

mgcp profile default

!

gatekeeper

shutdown

!

line con 0

password tropico

logging synchronous

login

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

exec-timeout 30 0

password tropico

login

transport input all

!

scheduler allocate 20000 1000

time-range DayHours

periodic Sunday 9:00 to Monday 2:00

periodic Monday 9:00 to Tuesday 2:00

periodic Tuesday 9:00 to Wednesday 2:00

periodic Wednesday 9:00 to Thursday 2:00

periodic Thursday 9:00 to Friday 2:00

periodic Friday 1:00 to Saturday 2:00

periodic Saturday 9:00 to Sunday 2:00

!

end

I have also tried blocking youtube using the nbar command below but no luck so far.

class-map match-any youtube

match protocol youtube

Thanks,

Abdul,

mahmoodmkl · ‎01-24-2013

Hi
can u apply this policy inbound n try

Sent from Cisco Technical Support iPhone App

View solution in original post

mahmoodmkl · ‎01-24-2013

Hi
can u apply this policy inbound n try

Sent from Cisco Technical Support iPhone App

Abdullah Net · ‎01-25-2013

Mahmoodmkl,

Tried it, still doesn't work.

Abdul,

Abdullah Net · ‎01-25-2013

Mahmoodmkl,

Actually, after applying the policy inbound as you have suggested, it worked after i restarted the router.

Thanks for your help.

Abdul,