10-03-2012 10:17 AM - edited 03-07-2019 09:15 AM
Hello,
What are the commands for blocking unwanted URLs on my network? For example, I want to block www.facebook.com on my network. Can anyone help me with the commands?
I would also like to know how to add security to the network. Please note the router is NOT a wireless router.
Thank you in anticipation.
10-08-2012 01:48 AM
Hi,
Could you do this:
conf t
ip bootp server
int g0/0
no ip helper-address 10.10.10.1
Regards.
Alain
Don't forget to rate helpful posts.
10-08-2012 01:51 AM
Hi Alain,
Done, but still nothing happened.
income(config)#ip bootp server
income(config)#int gig0/0
income(config-if)#no ip helper-address 10.10.10.1
income(config-if)#end
income#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
income#sh run
Building configuration...
Current configuration : 3439 bytes
!
! Last configuration change at 08:48:50 UTC Mon Oct 8 2012
! NVRAM config last updated at 08:49:06 UTC Mon Oct 8 2012
! NVRAM config last updated at 08:49:06 UTC Mon Oct 8 2012
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname income
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200
logging console critical
enable secret 5 $1$K/Wt$MOaWnBNOE9rLay.m8Sh4a.
enable password 7 151B050F0B272E76
!
aaa new-model
!
!
aaa authentication login default none
aaa authentication enable default none
aaa authentication ppp default none
!
!
!
!
!
aaa session-id common
!
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1 10.10.10.39
!
ip dhcp pool users
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 217.117.0.38 10.10.10.244
!
!
ip domain name incomeelectrix
ip name-server 217.117.0.38
ip name-server 10.10.10.244
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn FCZ1633716L
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
!
!
username income privilege 15 secret 4 HSyp0yWKpXLGNBvuMAwswNaIjZOwIZdQsd4T3M2hSoA
!
redundancy
!
!
!
!
ip tcp synwait-time 10
!
class-map match-any BLOCKED
match protocol http host "*facebook.com"
match protocol http host "*youtube.com"
!
!
policy-map BLOCK
class BLOCKED
drop
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
!
interface GigabitEthernet0/0
description $ES_LAN$$ETH-LAN$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
service-policy input BLOCK
!
interface GigabitEthernet0/1
description $ES_WAN$$ETH-WAN$
ip address 41.75.205.190 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
!
router eigrp 109
network 10.0.0.0
network 41.0.0.0
!
router rip
version 2
network 10.0.0.0
network 41.0.0.0
no auto-summary
!
ip default-gateway 41.75.205.189
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat pool overld 41.75.205.190 41.75.205.190 prefix-length 24
ip nat inside source list 7 pool overld overload
ip route 0.0.0.0 0.0.0.0 41.75.205.189
!
logging trap debugging
access-list 7 permit 10.10.10.0 0.0.0.255
access-list 199 permit icmp any any
!
no cdp run
!
!
!
!
snmp-server community public RO
!
!
!
control-plane
!
!
banner login ^CWelcome to Incomeelectrix.^C
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
password 7 11001706181F0E5D
transport input telnet ssh
transport output telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
end
income#
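Several settings in the running-config posted above weaken management access to the router, which bears on the original question about adding security. The following Python check is an added example, not part of the original posts or any Cisco tool; the rule names and the `audit` function are hypothetical, and the input is a constructed excerpt of lines from the posted configuration.

```python
import re

# Constructed input: settings copied from the running-config posted above,
# with the password hash replaced by a placeholder.
POSTED = """\
aaa authentication login default none
aaa authentication enable default none
enable password 7 <hash>
ip http server
snmp-server community public RO
!
line con 0
line vty 0 4
privilege level 15
transport input telnet ssh
"""

# (rule id, required section prefix or None for any, pattern, reason)
RULES = [
    ("aaa-login-none", None, r"aaa authentication login default none$",
     "default login method list performs no authentication"),
    ("aaa-enable-none", None, r"aaa authentication enable default none$",
     "enable mode is granted without a password"),
    ("enable-type7", None, r"enable password 7 ",
     "type 7 is reversible obfuscation; keep only 'enable secret'"),
    ("http-cleartext", None, r"ip http server$",
     "HTTP management server enabled (cleartext)"),
    ("snmp-public", None, r"snmp-server community public\b",
     "well-known SNMP community string"),
    ("vty-priv15", "line vty", r"privilege level 15$",
     "every remote session starts at privilege 15"),
    ("vty-telnet", "line vty", r"transport input .*\b(telnet|all)\b",
     "Telnet carries credentials and session data in cleartext"),
]

def audit(config):
    """Return (rule id, section, line, reason) for each weak setting found."""
    findings, section = [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("!"):
            section = None        # '!' closes the current section
        elif line.startswith(("line ", "interface ")):
            section = line        # the sub-commands that follow belong here
        for rule, scope, pattern, why in RULES:
            in_scope = not scope or (section or "").startswith(scope)
            if in_scope and re.match(pattern, line):
                findings.append((rule, section, line, why))
    return findings
```

Calling `audit()` on the full text of `show running-config` works the same way, since sections are tracked by their header lines rather than by indentation.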
10-08-2012 01:59 AM
Hi,
Has your router been restarted since you had the problem?
Can you do debug ip dhcp server packet and then, on one host: ipconfig /release then ipconfig /renew,
and post the output of the log.
Regards.
Alain
Don't forget to rate helpful posts.
10-08-2012 01:59 AM
Hi Alain,
I also noticed something, the router is connected to a switch, every system I connected to the switch directly using a cable can access the internet, but other systems connected via a wireless access points (the access points are connected to same switch with cables) cannot access the internet. This was not the case before, I seem to be doing some authentication or authorisation configuration wrong.
Regards
10-08-2012 02:16 AM
Hi,
One thing you should also do is disable DHCP conflict logging, as you have not configured any DHCP database.
conf t
no ip dhcp conflict logging
Concerning the wireless devices, we need more info, as we only have the router running config here.
Do they get a DHCP IP address?
Regards.
Alain
Don't forget to rate helpful posts.
10-08-2012 02:20 AM
Hi,
They are configured to get IP addresses from the router. They have been working before now, so I doubt the problem is from the wireless access points.
I have restarted the router. Still no joy.
10-08-2012 02:29 AM
Hi,
Did you configure no ip dhcp conflict-logging?
Post the debug ip dhcp server packet output when trying to renew on a wireless host.
Post also the output from:
sh ip dhcp binding
sh ip dhcp pool users
Regards.
Alain
Don't forget to rate helpful posts.
10-08-2012 02:39 AM
income#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
10.10.10.40 01cc.b255.badb.8c Oct 09 2012 09:13 AM Automatic
10.10.10.41 01a0.4e04.0a16.e5 Oct 09 2012 09:15 AM Automatic
10.10.10.45 01cc.b255.badd.22 Oct 09 2012 09:27 AM Automatic
10.10.10.46 015c.95ae.ea8c.31 Oct 09 2012 09:19 AM Automatic
10.10.10.47 01e0.b9a5.cdaa.a3 Oct 09 2012 09:27 AM Automatic
10.10.10.48 0100.26c6.770e.64 Oct 09 2012 09:29 AM Automatic
10.10.10.49 0100.24be.c0f2.48 Oct 09 2012 09:29 AM Automatic
10.10.10.51 0100.23d3.0115.df Oct 09 2012 09:33 AM Automatic
10.10.10.52 0100.026f.4c86.2d Oct 09 2012 09:33 AM Automatic
income#
income#sh ip dhcp pool users
Pool users :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 9
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased addresses
10.10.10.53 10.10.10.1 - 10.10.10.254 9
income#
10-08-2012 02:50 AM
Hi,
OK, what about the debug output when renewing the IP from a wireless device?
Regards.
Alain
Don't forget to rate helpful posts.
10-08-2012 05:17 AM
Hi Alain,
Each PC was able to do the ipconfig /release and /renew commands. Like I said earlier, I realised they can access the internet when connected to the switch using a cable, but will not identify a network when connected to the access points.
I had to reconfigure each access point again with a newer SSID for other systems to be able to connect to the Internet.
At this moment, I can connect them using 2 APs, while I think I will reconfigure the other 2 APs.
With this capacity, I can manage the systems to work, while I sort out the pending issues.
I will send you a PM for the network as initially discussed, so you can help take a look.
Cheers.
06-21-2023 07:02 PM
does not work
02-16-2015 04:08 AM
Dear cadet,
it does not work out.