06-22-2016 07:02 AM - edited 03-08-2019 06:19 AM
Hey there,
I'm using a Cisco Catalyst 2960X switch with 24 ports, and I need to block Facebook, YouTube, Twitter, Instagram and other URLs using that switch.
I tried to configure a class-map, but when I type "match protocol http url "*youtube.com"", it gives me an error saying "invalid input detected at marker "^"".
The marker "^" is located at the "u" of URL; if I change URL to HOST, the marker goes to the "H" of host.
Can anybody tell me what is happening?
06-22-2016 07:32 AM
Hi Tinovaera:
Why don't you create an extended access control list and apply it on the incoming interface of the switch? It would be easier to just get the IP(s) of the website and simply block them.
Ping www.facebook.com and get the IP; better to block the /24 block.
Global config:
ip access-list extended Block_Access
! match the website's network as the destination of traffic entering the port
10 deny tcp any 173.252.89.0 0.0.0.255 eq 80
The same way, you can get the IP(s) for Twitter and YouTube.
Do not forget to put "permit any any" once you block all required website(s), as by default there is a deny statement at the end of every ACL.
In the end, simply apply that ACL at the incoming interface:
interface gi0/0
! gi0/0 is an example interface
ip access-group Block_Access in
Hope that helps.
Kindest Regards,
Uzair
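The steps in the reply above (look up each site's address, block its /24, finish with an explicit permit), as an added example that is not part of the original post. It generates the ACL lines from already-resolved addresses, matching the blocked network as the destination because the ACL is applied inbound on the user-facing port; the function names and every sample address other than the 173.252.89.0/24 network are constructed for illustration.

```python
import ipaddress
import socket


def resolve(hostnames):
    """Resolve hostnames to IPv4 addresses (needs DNS; not used by the sample run)."""
    out = {}
    for name in hostnames:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
        out[name] = sorted({info[4][0] for info in infos})
    return out


def build_acl(resolved, name="Block_Access", prefix_len=24, ports=(80,)):
    """Return IOS extended-ACL lines: one deny per covering network and port,
    then the explicit permit that overrides the implicit deny at the end."""
    networks = []
    for host in sorted(resolved):
        for ip in resolved[host]:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            if net not in networks:  # several addresses often share one /24
                networks.append(net)
    lines = [f"ip access-list extended {name}"]
    seq = 10
    for net in networks:
        for port in ports:
            # hostmask is the wildcard mask IOS expects (0.0.0.255 for a /24)
            lines.append(
                f" {seq} deny tcp any {net.network_address} {net.hostmask} eq {port}"
            )
            seq += 10
    lines.append(f" {seq} permit ip any any")
    return lines


# Constructed sample input: hostname -> addresses as a resolver might return them.
SAMPLE = {
    "www.facebook.com": ["173.252.89.10", "173.252.89.132"],
    "site-a.example": ["192.0.2.17"],
    "site-b.example": ["198.51.100.200"],
}

if __name__ == "__main__":
    print("\n".join(build_acl(SAMPLE)))
```

Passing `ports=(80, 443)` also emits entries for HTTPS, which the port-80 entry alone does not match. The addresses behind large sites change over time, so the list has to be regenerated periodically.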
06-22-2016 08:08 AM
Hi tinovaera,
I am afraid that the Catalyst 2960X does not support this kind of functionality. The functionality you are referring to is based on NBAR (Network Based Application Recognition), and this Catalyst platform does not have the dedicated hardware to perform the necessary matching operations. While you can match on HTTP, you cannot match on URLs inside the HTTP requests.
This functionality is much more readily available on software-based routers where it is implemented in IOS.
Best regards,
Peter