Can we use NBAR on the gateway router to prevent internal users from watching video streams from any video web site (like Youtube.com)?
Yes, NBAR can be used to apply application based filters such as blocking youtube.com traffic. To accomplish this we can categorize traffic based on the HTTP hostname. Next we will create a policy-map that matches the youtube.com class and drops the traffic. Lastly the policy is applied outbound to the Internet. Syntax-wise this would read:
R1# class-map match-all YOUTUBE match protocol http host "*youtube.com*" ! policy-map DROP_YOUTUBE class YOUTUBE drop ! interface FastEthernet0/0 description TO INTERNET service-policy output DROP_YOUTUBE
NBAR for HTTP can also be used to match based on URL string or IANA MIME type. For more information see:
About Brian McGahan, CCIE #8593, CCDE #2013::13:
Brian McGahan was one of the youngest engineers in the world to obtain the CCIE, having achieved his first CCIE in Routing & Switching at the age of 20 in 2002. Brian has been teaching and developing CCIE training courses for over 10 years, and has assisted thousands of engineers in obtaining their CCIE certification. When not teaching or developing new products Brian consults with large ISPs and enterprise customers in the midwest region of the United States.
12 Responses to “Using NBAR for Application Filtering”
Leave a Reply