now want to block specific URL
03-20-2015 01:20 AM - edited 03-07-2019 11:10 PM
Having 3750, 3560 switches, which are configured as L2 and connected through an L3 switch.
VLAN configured, now want to block a specific URL.
Please guide.
03-20-2015 03:48 AM
Hi Piysuh,
Do a DNS resolution of the URL to find out the IP address of the URL.
You should be able to block the communication towards that IP by creating an ACL in the L3 switch. Create an ACL and apply that ACL on the proper L3 interfaces.
CF

03-20-2015 04:03 AM
Becomes a headache when URLs go to Akamai or the likes ;-) one could be there for a week(s), month(s), year(s) configuring up an ACL the length of the Eiffel Tower!

03-20-2015 03:59 AM
URL Filtering should be done on a proxy or firewall, not a switch/multilayer switch.
Having said this, you could resolve the IP address of the domain name via nslookups that they are trying to get to and create an ACL inbound or outbound for that IP address (multiple IP addresses for URLs).
With a router you could do this for HTTP traffic:

class-map match-any URL-filter
 match protocol http host "*domain.com*"
!
policy-map Inspection
 class URL-filter
  drop
!
! on the external interface
 service-policy output Inspection

HTTPS traffic might be more difficult, in which case, get a firewall / proxy.
You could also "black hole" the DNS entry by pointing the URL domain at some other non-existent IP address. You would have to have control over the DNS server or turn your router/switch to resolve DNS and become the DNS server on your local LAN.
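
Added example, not part of the original thread or any poster's code: a small Python helper that turns the addresses returned by a DNS lookup into an IOS extended ACL, and compares two lookups taken at different times to show why the ACL approach needs constant upkeep for CDN-hosted sites. The ACL name, the function names and every address (RFC 5737 documentation ranges) are constructed for illustration.

```python
# Added example: build a Cisco IOS extended ACL from DNS answers for one hostname
# and detect when a later lookup no longer matches what the ACL blocks.
# Assumption: the snapshots below stand in for nslookup output; they are constructed.
import ipaddress


def build_acl(name, addresses):
    """Return IOS config lines that deny traffic to each resolved IPv4 address."""
    # Validate and de-duplicate, then sort numerically so the output is stable.
    hosts = sorted({ipaddress.IPv4Address(a) for a in addresses})
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip any host {h}" for h in hosts]
    # Without an explicit permit, the implicit deny at the end of the ACL
    # would drop all other traffic on the interface.
    lines.append(" permit ip any any")
    return lines


def drift(old, new):
    """Compare two lookups: entries that are now stale and addresses not yet blocked."""
    old_set, new_set = set(old), set(new)
    return {
        "stale": sorted(old_set - new_set),    # still in the ACL, no longer served
        "missing": sorted(new_set - old_set),  # served now, not in the ACL
    }


# Constructed lookups of the same hostname a few days apart (CDN rotation).
MONDAY = ["192.0.2.10", "192.0.2.11", "198.51.100.7"]
FRIDAY = ["192.0.2.11", "203.0.113.40", "203.0.113.41", "198.51.100.7"]

if __name__ == "__main__":
    print("\n".join(build_acl("BLOCK-SITE", MONDAY)))
    print(drift(MONDAY, FRIDAY))
```

Stale entries matter as much as missing ones: an address a CDN has stopped using for this site may be serving an unrelated site, which the ACL then blocks as well.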
