noricorp
asked on
How to set up URL Filtering on Cisco 2811 for certain Computers
I have a cisco 2811 router. All machines on the network have static IP's. I would like to filter the websites that certain groups of employees can access. Can I accomplish this with the Cisco 2811? If so how
websense is the primary method of filtering, however it required a server and software to run it.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
that1guy15:
How do i create a group of Ip's for those policies to apply to?
How do i create a group of Ip's for those policies to apply to?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you would like you can give me some details of what you are trying to block and from what ip ranges and i can put something together for you. It just might take me a little time. Or i dont mind walking you through it.
let me know
let me know
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Lets say I wanted to set it up so a block of IP's let say 192.168.0.40 - 192.168.0.60 these URL filters apply.
Or If I wanted to specify certain IP's not in a range how would I do that?
Or If I wanted to specify certain IP's not in a range how would I do that?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
that1guy15 is correct. Your best bet is to segment the people you want blocked in to a new VLAN and then block that entire VLAN's subnet from accessing the websites, that way you won't need to muck around with wildcard masks and every time you want to block a new user, you won't need to change the ACL, you just put them in the new VLAN and your done.
It is all about automation as opposed to manual work.
It is all about automation as opposed to manual work.
ASKER
When I run this command :
interface FastEthernet0/1
service-policy output BLOCKED_SITES
I get this:
Router(config-if)#service- policy output BLOCKED_SITES
Policy map CORP_QOS is already attached
I previously had set up QOS for my IP Phones
interface FastEthernet0/1
service-policy output BLOCKED_SITES
I get this:
Router(config-if)#service-
Policy map CORP_QOS is already attached
I previously had set up QOS for my IP Phones
you can only have one service-policy per interface so you will need combine the two policies.
ASKER
How do I accomplish that?
could you post your two policies and ill see what we can do.
ASKER
Router#show policy-map
Policy Map exit
Policy Map CORP_QOS
Class SIP_VOIP
priority 43 (%)
Class class-default
fair-queue
Policy Map BLOCKED_SITES
Class BLOCKED_SITE1
drop
Policy Map exit
Policy Map CORP_QOS
Class SIP_VOIP
priority 43 (%)
Class class-default
fair-queue
Policy Map BLOCKED_SITES
Class BLOCKED_SITE1
drop
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.