Hello,

We will perform the same filtering we implemented in our last post. But this time we will use a Cisco router.

Configuration is very similar to the one we did in the ASA, but as not everybody can afford one of those firewalls we will use NBAR feature to achieve the same goal.

First, create the class map that will contain the domains we want to block:

class-map match-any BLOCK_SITE  
 match protocol http host "*google.com"

Then the policy map. We need it as it will specify the operation we can perform with the traffic matched in the class map:

policy-map BLOCK_SITE  
 class BLOCK_SITE  
 drop

And we need to apply the policy to the outside interface of our router, interface facing the Internet.

interface f0/0  
 service-policy output BLOCK_SITE

Ready. Following you can see the statistics of the policy working on the interface.

R1.jpg