Solved

How to block youtube.com on my cisco router?

Posted on 2010-01-12
Last Modified: 2012-08-13
Hi

See, when I apply an ACL to block youtube.com it works like this:
13 deny tcp host 192.168.4.1 host 74.125.127.100 eq www (6 matches)
But as you know, these big guns usually change their site addresses dynamically, so the ACL stops working after youtube.com changes its IP. Is there anything else that can block sites on a DNS basis on a Cisco router?

All single-IP-based websites are working, like ciscoblog.com, like this:
14 deny tcp host 192.168.4.1 host 69.89.31.207 eq www (5 matches)

But on sites like youtube.com the ACL is not working, so please guide me on what the solution can be in this situation. My router is a c7200 series; its IOS version is 12.4.

Thanks
Question by:dontdig
16 Comments
 
LVL 9

Expert Comment

by:Vito_Corleone
ID: 26294320
You can try this:

class-map match-any scum
 match protocol http url "*youtube*"
!
policy-map die-scum
 class scum
  drop
!
interface <outside int>
 service-policy input die-scum

Basically just a modified version of this:

http://blogs.interfacett.com/mike-storm/2006/11/16/save-our-internet-bandwidth.html
0
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 860 total points
ID: 26294360
Hi,

Short answer: No. Longer: you are able to do that, but manually deny IP addresses:

Using ACLs is the hard way actually, but you can use it if you want!
Open up your command prompt and type nslookup www.youtube.com. A list with several IP addresses will come up; you need to block traffic to and from them using an ACL. To make things worse, do nslookup myspace.com and a different list will come up; those also need to be blocked. The same applies to Facebook, for example.


however this requires some design considerations.
================
example for using the ACL

R1(config)#ip access-list extended BLOCK
R1(config-ext-nacl)#deny ip host 216.178.38.131 any
R1(config-ext-nacl)#deny ip any host 216.178.38.131
R1(config-ext-nacl)#deny ip host 216.178.39.14 any
R1(config-ext-nacl)#deny ip any host 216.178.39.14
! ... insert all IP addresses here
! don't forget the following permit
R1(config-ext-nacl)#permit ip any any

! Apply this ACL to your LAN interface
R1(config-if)#ip access-group BLOCK in
R1(config-if)#ip access-group BLOCK out
0
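
Added example, not part of the original answer: a Python sketch of the nslookup-to-ACL procedure described above, which also reports how the answer set drifts between two lookups (the reason the static ACL stops matching). The hostname, resolver and addresses are constructed documentation values, and the function names are hypothetical.

```python
import ipaddress

# Constructed nslookup output (documentation addresses, not real lookups).
LOOKUP_MONDAY = """\
Server:  dns.example
Address:  192.0.2.53

Non-authoritative answer:
Name:    video.example
Addresses:  198.51.100.10
          198.51.100.11
          203.0.113.7
"""
LOOKUP_TUESDAY = """\
Server:  dns.example
Address:  192.0.2.53

Non-authoritative answer:
Name:    video.example
Addresses:  198.51.100.11
          203.0.113.40
"""

def answer_ips(nslookup_text):
    """Return sorted unique IPv4 answers, ignoring the resolver's own address."""
    found, in_answer = set(), False
    for line in nslookup_text.splitlines():
        if line.strip().startswith("Name:"):
            in_answer = True  # everything before this is the resolver header
            continue
        if not in_answer:
            continue
        for token in line.replace("Addresses:", " ").replace("Address:", " ").split():
            try:
                found.add(ipaddress.IPv4Address(token))
            except ValueError:
                pass  # IPv6 answers, aliases and labels are skipped
    return sorted(found)

def build_acl(name, ips):
    """Render the named extended ACL: one deny per direction for each host."""
    lines = [f"ip access-list extended {name}"]
    for ip in ips:
        lines += [f" deny ip host {ip} any", f" deny ip any host {ip}"]
    lines.append(" permit ip any any")  # otherwise the implicit deny drops all traffic
    return lines

def drift(old_text, new_text):
    """Return (added, removed) addresses between two lookups of the same name."""
    old, new = set(answer_ips(old_text)), set(answer_ips(new_text))
    return sorted(new - old), sorted(old - new)
```

A non-empty result from `drift` means the ACL built from the earlier lookup has entries that no longer match and is missing addresses now in use.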
 
LVL 1

Author Comment

by:dontdig
ID: 26294487
Thanks for replying.

I tried as you described but it didn't work!! youtube.com is still working shamelessly.... :-(
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26294528
It has a lot of IP addresses... In this case I advise using a proxy server, or a local DNS, which blocks the youtube domain....
0
 
LVL 1

Author Comment

by:dontdig
ID: 26294622
I know alternatives like using a regex option in Squid for "youtube", but I wanted to learn via a Cisco router. Anything else you want to suggest for this situation that can be done only by a Cisco router?

0
 
LVL 1

Author Comment

by:dontdig
ID: 26294653
@iklamar

Actually it's working, but only for now. I put all the addresses there, but it will work for a short period of time, for instance one day.

thanks
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26294683
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26294702
Sorry, this is not the right link; I am searching for what you want...
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26294768
0
 
LVL 1

Author Comment

by:dontdig
ID: 26294901
OK, thanks for the link, but I am not getting what this is exactly and how I can learn more about it. Actually I am a CCNA student but want to dig deeper ;-)
0
 
LVL 1

Author Comment

by:dontdig
ID: 26294932
One last thing: may I know how to block Yahoo Messenger via a Cisco router?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26294948
0
 
LVL 1

Author Comment

by:dontdig
ID: 26295026
@ikalmar

When I start following the above article it gives me an error:

Router(config)#ip cef
access-list extended NAT_FILTERING cef
            ^
% Invalid input detected at '^' marker.

Router(config)#

This router has NAT/PAT enabled; can this be the reason? But if I disable this, the internet won't work for clients!!
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26295493
The right command is:

ip access-list extended NAT_FILTERING
0
 
LVL 1

Author Comment

by:dontdig
ID: 26299927
Man, I am talking about ip cef, not about the named ACL.
0
 
LVL 1

Author Closing Comment

by:dontdig
ID: 31676144
Thanks man

Sorry for delay ;-D
0
