
site block

rk6171485
Level 1

How can I block YouTube from a Cisco L3 switch completely for all systems?

9 Replies

I will check if the L3SW accepts an ACL with a hostname, not an IP.

Please check and provide the complete best solution.

Hello @rk6171485,

The best way is with a hostname in the ACL instead of an IP ... @MHM Cisco World is checking, I think.

If not, you can retrieve the YouTube IPs: do an nslookup of YouTube and check/note the IP addresses. Create a named ACL with these IPs.

This method is not dynamic; you should check the IPs regularly.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
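
The nslookup-then-named-ACL approach from the reply above, as an added example that is not part of any post in this thread: it parses saved `nslookup` output, builds an IPv4 extended named ACL, and reports which addresses changed since the last check. The ACL name `BLOCK-YOUTUBE`, the sample output and all addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress

# Constructed sample of `nslookup youtube.com` output; the addresses are
# documentation-range placeholders, not real YouTube addresses.
SAMPLE_NSLOOKUP = """\
Server:		10.0.0.53
Address:	10.0.0.53#53

Non-authoritative answer:
Name:	youtube.com
Address: 192.0.2.11
Name:	youtube.com
Address: 192.0.2.10
Name:	youtube.com
Address: 2001:db8::10
"""

def parse_answers(text):
    """Return sorted IPv4 answers, ignoring the resolver's own address."""
    found, in_answer = set(), False
    for line in text.splitlines():
        if line.strip().startswith("Name:"):
            in_answer = True      # lines before this describe the DNS server
            continue
        if not in_answer:
            continue
        for token in line.split():
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue          # labels such as "Address:" are not addresses
            if ip.version == 4:   # IPv6 needs a separate `ipv6 access-list`
                found.add(ip)
    return sorted(found)

def build_acl(ips, name="BLOCK-YOUTUBE"):  # ACL name is hypothetical
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip any host {ip}" for ip in ips]
    lines.append(" permit ip any any")  # otherwise the implicit deny drops all traffic
    return "\n".join(lines)

def drift(previous, current):
    """Addresses to add to / remove from the ACL since the last lookup."""
    prev, cur = set(previous), set(current)
    return sorted(cur - prev), sorted(prev - cur)

if __name__ == "__main__":
    ips = parse_answers(SAMPLE_NSLOOKUP)
    print(build_acl(ips))
    print(drift(ips[:1], ips))
```
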

Please share the completed solution with the commands.

 

A couple of possible (?) issues, with your reference's suggestions.

I thought when you use host names in ACLs, they only get resolved at the time of ACE entry. (??)

Also, many websites nowadays use https, not just http. I.e. blocking just port 80 might be insufficient.

Hi @rk6171485 

This is not possible and, if possible, not recommended. An L3 switch is meant to do routing and switching. If you need to block content you need a proxy.

YouTube has tons of domains and tons of IP addresses, and sooner or later you end up seeing traffic for that site. Furthermore, an FQDN ACL, which could be an alternative, can increase the CPU usage and impact your device on what it needs to do, which is routing and switching.

 

Hello @Flavio Miranda,

"can increase the CPU usage and impact your device on what it needs to do which is routing and switching."

You're right, but it depends on the L3SW in this case.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Joseph W. Doherty
Hall of Fame

As already described, you can block all the IPs associated with YouTube. Also as noted, the IPs are likely to change from time to time, so you would need to keep on top of this.

Depending on your control over your DNS, for your internal systems, you could block DNS resolution for YouTube.

Whether blocking IPs and/or DNS resolution, someone "clever" might use an "anonymizer" site to access YouTube.