NBAR = more fun!

I have been playing with two of my new routers (2610XM) in preperation for the ONT exam. Going back on previous post on QOS by slowing down users, blocking sites and types of file extentions can also make you unpopular at work.
Suppose we want to block youtube and facebook (worst invention ever!) these two sites. We can use the following commands to do this:


class-map match-any BLOCKED_SITES
match protocol http host "*youtube.com*"
match protocol http host "*facebook.com*"
!
policy-map DROP_WEB
class BLOCKED_SITES
drop
!
interface FastEthernet0/0
description Connected to the LAN
service-policy input DROP_WEB

Now suppose we want to block files having extensions .exe and .bin:


class-map match-any BLOCKED_URLS
match protocol http url "*.exe|*.bin"
!
policy-map DROP_WEB
class BLOCKED_URLS
drop
!
interface FastEthernet0/0
description Connected to the LAN
service-policy input DROP_WEB

Advertisements

~ by bigevil on October 27, 2009.

 
%d bloggers like this: