03-20-2015 01:20 AM - edited 03-07-2019 11:10 PM
I have 3750 and 3560 switches, which are configured as L2 and connected through an L3 switch.
VLANs are configured; now I want to block a specific URL.
Please guide.
03-20-2015 03:48 AM
Hi Piysuh,
Do a DNS resolution of the URL to find out its IP address.
You should be able to block the communication towards that IP by creating an ACL in the L3 switch. Create an ACL and apply it to the proper L3 interfaces.
CF
03-20-2015 04:03 AM
Becomes a headache when URLs go to Akamai or the likes ;-) one could be there for a week(s), month(s), year(s) configuring up an ACL the length of the Eiffel Tower!
03-20-2015 03:59 AM
URL Filtering should be done on a proxy or firewall, not a switch/multilayer switch.
Having said this, you could resolve the IP address of the domain name they are trying to get to via nslookups and create an ACL inbound or outbound for that IP address (multiple IP addresses for URLs).
With a router you could do this for HTTP traffic:
class-map match-any URL-filter
 match protocol http host "*domain.com*"
!
policy-map Inspection
 class URL-filter
  drop
!
! on the external interface
service-policy output Inspection
HTTPS traffic might be more difficult, in which case get a firewall / proxy.
You could also "black hole" the DNS entry by pointing the URL's domain at some other non-existent IP address. You would have to have control over the DNS server, or turn your router/switch into a DNS resolver and make it the DNS server on your local LAN.
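Added example, not part of the original thread: a Python sketch of the resolve-then-ACL approach suggested in the replies, plus a comparison of two lookups that shows how the ACL drifts when the name is CDN-hosted. The ACL name BLOCK-SITE, the helper names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import socket


def resolve_ipv4(hostname):
    """Return the sorted IPv4 addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos}, key=ipaddress.IPv4Address)


def build_acl(name, addresses):
    """Render an IOS extended ACL: deny each resolved host, permit the rest."""
    hosts = sorted({ipaddress.IPv4Address(a) for a in addresses})
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip any host {h}" for h in hosts]
    lines.append(" permit ip any any")  # without this the implicit deny blocks everything
    return "\n".join(lines)


def drift(previous, current):
    """Compare two lookups: (addresses not yet in the ACL, entries now stale)."""
    prev = {ipaddress.IPv4Address(a) for a in previous}
    cur = {ipaddress.IPv4Address(a) for a in current}
    return sorted(cur - prev), sorted(prev - cur)


# Constructed sample data (documentation address ranges), standing in for two
# lookups of the same CDN-hosted name taken some time apart.
SNAPSHOT_MONDAY = ["203.0.113.10", "203.0.113.11", "198.51.100.7"]
SNAPSHOT_FRIDAY = ["203.0.113.11", "192.0.2.44", "192.0.2.45"]

if __name__ == "__main__":
    # On a live network, replace the snapshot with resolve_ipv4("<hostname>").
    print(build_acl("BLOCK-SITE", SNAPSHOT_MONDAY))
    missing, stale = drift(SNAPSHOT_MONDAY, SNAPSHOT_FRIDAY)
    print("not yet blocked:", [str(a) for a in missing])
    print("stale entries:  ", [str(a) for a in stale])
```

Stale entries matter as much as missing ones: on a shared CDN, an address that no longer serves the blocked name may now be serving unrelated sites.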