04-01-2019 02:15 AM
These are the settings:
----------------------------------------
no ip source-route
no ip gratuitous-arps
!
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool LAN FAB1 DHCP
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 1.1.1.1 1.0.0.1
lease 7
!
!
!
no ip bootp server
ip domain name grupoterrasul.local
ip host www.facebook.com 10.10.10.10
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FCZ173691FR
!
!
archive
log config
logging enable
object-group network obj-facebook.com
!
!
!
!
class-map match-any url-bloquear-sites
match protocol http host "*youtube*"
match protocol http host "*facebook*"
match protocol http host "*xvideos*"
match protocol http host "*torrent*"
match protocol http host "*badoo*"
match protocol http host "*porn*"
match protocol http host "*twitter*"
match protocol http host "*bittorrent*"
class-map match-all FACEBOOKBLOCK
match protocol http host "www.facebook.com"
match protocol secure-http
!
policy-map FACEBOOK.COM-POLICY
class FACEBOOKBLOCK
drop
policy-map url-bloquearsites-policy
class url-bloquear-sites
drop
!
zone security inside
zone security outside
zone security dmz
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
spanning-tree portfast
service-policy input url-bloquearsites-policy
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface FastEthernet4
description TVBACO FIBRA 20M
ip address 192.168.100.77 255.255.255.0
ip access-group autosec_firewall_acl in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect autosec_inspect out
ip virtual-reassembly in
ip verify unicast source reachable-via rx allow-default 100
duplex auto
speed auto
service-policy input url-bloquearsites-policy
!
interface Vlan1
description LAN FAB1
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list 1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 192.168.100.1
!
ip access-list extended NAT_FILTERING
ip access-list extended autosec_firewall_acl
permit udp any any eq bootpc
deny ip any any
!
logging trap debugging
logging facility local2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
no cdp run
!
04-02-2019 07:40 AM - edited 04-02-2019 07:50 AM
Below
04-02-2019 07:47 AM
Hi @Staline Satola
do sh class-map
{
Class Map match-any class-default(id 0)
Match any
}
{
Class Map match-any url-block-class (id 3)
Match protocol http host "*youtube*"
Match protocol http host "*yahoo*"
Match protocol http host "**facebook"
}
policy-map url-block-policy
class url-block-class
drop
exit
exit
show policy-map
Please check
Now let's apply the policy map inbound on the LAN interface Fa0/1 (example)
int fa0/1
service-policy input url-block-policy
Best Regards,
Josiane
04-02-2019 08:25 AM
04-02-2019 08:28 AM
04-02-2019 09:32 AM
You can access the inbound interface of your LAN.
That would be the example I gave: fa0/1 = LAN inbound interface
Now let's apply the policy map inbound on the LAN interface Fa0/1 (example)
Commands:
enable
conf t
int fa0/1 ("would be your inbound LAN interface")
service-policy input facebook
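Added example, not written by any poster in this thread: a small offline check that reads a saved configuration and reports where input service-policies are actually attached, which is the point the replies keep returning to. The helper name `audit`, the `SAMPLE` text and the rule that the LAN side is the interface carrying `ip nat inside` are assumptions made for this illustration.

```python
import re

# Constructed sample based on the first post's config (flattened, as posted).
SAMPLE = """\
policy-map FACEBOOK.COM-POLICY
class FACEBOOKBLOCK
drop
policy-map url-bloquearsites-policy
class url-bloquear-sites
drop
!
interface FastEthernet0
service-policy input url-bloquearsites-policy
!
interface FastEthernet4
ip nat outside
service-policy input url-bloquearsites-policy
!
interface Vlan1
ip nat inside
!
"""

def audit(config):
    """Hypothetical helper: list where input service-policies are attached."""
    policies, ifaces, cur = set(), {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("policy-map "):
            policies.add(line.split()[1])
            cur = None
        elif line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"nat": None, "input": None})
        elif line == "!":
            cur = None
        elif cur is not None:
            if m := re.fullmatch(r"ip nat (inside|outside)", line):
                cur["nat"] = m.group(1)
            elif m := re.fullmatch(r"service-policy input (\S+)", line):
                cur["input"] = m.group(1)
    out = []
    for name, f in ifaces.items():
        if f["input"] and f["input"] not in policies:
            out.append(f"{name}: policy-map {f['input']} is not defined")
        if f["nat"] == "inside" and not f["input"]:
            out.append(f"{name}: LAN side (ip nat inside) has no input service-policy")
    attached = {f["input"] for f in ifaces.values()}
    out += [f"policy-map {p}: defined but never attached" for p in sorted(policies - attached)]
    return out

print(*audit(SAMPLE), sep="\n")
```

On the sample it reports that Vlan1 has no input policy and that FACEBOOK.COM-POLICY is never attached; a `service-policy` line naming a policy-map that does not exist in the same file is reported as undefined.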