09-04-2012 01:05 AM - edited 03-04-2019 05:27 PM
Hi All,
Good day to you all. It's good to be back online with you guys, and thanks for all your input in my career as a network engineer.
I wanted to block some social sites on my network and I added these entries to my config -
class-map match-any social-network
 match protocol http host "*facebook*"
 match protocol http host "*twitter*"
 match protocol http host "*myspace*"
 match protocol http host "*bebo*"
 match protocol http host "*friendster*"
 match protocol http host "*hi5*"
 match protocol http host "*orkut*"
 match protocol http host "*perfspot*"
 match protocol http host "*zorpia*"
 match protocol http host "*netlog*"
 match protocol http host "*habbo*"
 match protocol http host "*ladunliadi*"
 match protocol http host "*badoo*"
 match protocol http host "*skype*"
 match protocol http host "*naijapal*"
 match protocol http host "*flixster*"
 match protocol http host "*linkedin*"
 match protocol http host "*youtube*"
 match protocol http host *irokotv*
!
!
policy-map drop-social-network
 class social-network
  drop
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 service-policy input drop-social-network
I succeeded in blocking these sites, but I also discovered an appreciable slowing down of my network and network dragging.
The aim of blocking the social sites is to restrict the bandwidth to productive work only, so that people doing legitimate company work will have enough resources for their work, and to avoid unnecessary network drag. But it appears that using the class-map and policy-map statements makes the network slow down, thereby defeating the purpose.
Is there any way to block these sites with minimal impact on the network (without slowing down the network to the point that users notice the drag)?
Thanks
Tom
09-04-2012 01:37 AM
Hi,
Just use a proxy server like Squid along with WCCP on the routing device to do transparent proxying.
Regards.
Alain
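The Squid-with-WCCP setup suggested above could look like the following. This is an added example, not configuration from either poster: the Squid host address 192.168.0.10, ACL number 120, the intercept port 3129 and the domain list (derived from the wildcard patterns in the question) are assumptions. The Squid host also needs a GRE tunnel to the router and a NAT rule redirecting port 80 to 3129, which are not shown.

```text
! ---- Cisco IOS router (same Vlan1 as in the question) ----
! Exclude the proxy's own outbound requests from redirection,
! then hand LAN HTTP traffic to the WCCP web-cache service.
access-list 120 deny   ip host 192.168.0.10 any
access-list 120 permit tcp 192.168.0.0 0.0.0.255 any eq www
!
ip wccp web-cache redirect-list 120
!
interface Vlan1
 no service-policy input drop-social-network
 ip wccp web-cache redirect in
!
! Verify registration and redirected packet counts with:
!   show ip wccp web-cache detail

# ---- squid.conf on the proxy host (assumed 192.168.0.10) ----
# Squid needs one ordinary forward-proxy port plus the intercept port.
http_port 3128
http_port 3129 intercept

# Register with the router for the standard web-cache service (TCP/80).
wccp2_router 192.168.0.1
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0

# A leading dot matches the domain and all of its subdomains.
acl localnet src 192.168.0.0/24
acl social dstdomain .facebook.com .twitter.com .myspace.com
acl social dstdomain .linkedin.com .youtube.com .badoo.com

# Order matters: deny the blocked domains before allowing the LAN.
http_access deny social
http_access allow localnet
http_access deny all

# Only TCP/80 is redirected here; HTTPS to the same sites does not
# pass through Squid in this setup.
```

Denied requests appear in Squid's access.log with the result code TCP_DENIED, which gives a per-client record of block hits that the drop policy on the router does not.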