Hi Brian,

Can we use NBAR on the gateway router to prevent internal users from watching video streams from any video web site (like


Hi Ahmed,

Yes, NBAR can be used to apply application based filters such as blocking traffic. To accomplish this we can categorize traffic based on the HTTP hostname. Next we will create a policy-map that matches the class and drops the traffic. Lastly the policy is applied outbound to the Internet. Syntax-wise this would read:

class-map match-all YOUTUBE
match protocol http host "**"
policy-map DROP_YOUTUBE
interface FastEthernet0/0
description TO INTERNET
service-policy output DROP_YOUTUBE

NBAR for HTTP can also be used to match based on URL string or IANA MIME type. For more information see:

Network-Based Application Recognition and Distributed Network-Based Application Recognition

Brian McGahan, CCIE #8593, CCDE #2013::13
About Brian McGahan, CCIE #8593, CCDE #2013::13

At the age of 20, Brian McGahan earned his first CCIE in Routing & Switching, and became known as the “youngest engineer in the world.” He continued on to earn CCIE certifications in Security, Service Provider, and Data Center. Brian has developed and taught for INE since 2002, setting the bar for CCIE training and helping thousands of engineers obtain their own certifications--we’re proud to have such an accomplished and driven instructor on the INE team. When he is not developing new products for INE, he consults with large ISPs and enterprise customers. You may contact Brian McGahan at or find him helping others in INE’s IEOC Community Forum.

Subscribe to INE Blog Updates

New Blog Posts!