Using switch or router ACL to block streaming traffic

32960 pts.
Tags:
ACL
Cisco IOS
Firewalls
Internet
NetScreen
Network traffic management
PIX
Routers
Security
WAN
I would like to block streaming media requests using either the LAN switch or the site edge router. The site is on a private network and does not have a local firewall at the edge. Has anyone used Cisco ACLs for this purpose and, if so, how did you do it? Or would I be better off implementing a NetScreen or PIX for this purpose?

Answer Wiki


Using ACLs is the hard way, actually, but you can use it if you want.
For example, open up your command prompt
and type nslookup www.myspace.com. A list with several IP addresses will come up; you need to block traffic to and from them using an ACL.
And to make things worse, do nslookup myspace.com and a different list will come up; those also need to be blocked. The same applies to facebook, for example.

So my suggestion is to use Quality of Service.
You need to identify what your main office applications are, together with their port numbers, and put those in a class with, let's say, 90% of the bandwidth, and the web traffic (ports 80 and 8080) in a separate class with a minimal bandwidth. That way you have minimized the web problem for ever without worrying, because if users stop using myspace they will use facebook, and if they stop facebook they can use online streaming, etc.
However, this requires some design considerations.
================
Example of using the ACL:

R1(config)#ip access-list extended BLOCK
R1(config-ext-nacl)#deny ip host 216.178.38.131 any
R1(config-ext-nacl)#deny ip any host 216.178.38.131
R1(config-ext-nacl)#deny ip host 216.178.39.14 any
R1(config-ext-nacl)#deny ip any host 216.178.39.14
... (insert all the other IP addresses here in the same way, one deny per direction)
R1(config-ext-nacl)#permit ip any any        <-- don't forget this

R1(config)#interface <your LAN interface>    <-- apply this ACL to your LAN interface
R1(config-if)#ip access-group BLOCK in
R1(config-if)#ip access-group BLOCK out

You need a router to apply this access list.

Check this link too: http://www.ciscoblog.com/archives/2006/11/throttling_band.html
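As an added example (not part of the original answer), the following Python script automates the lookup-and-deny procedure described above: it takes the addresses each hostname resolved to, removes duplicates across the lists, and emits the extended named ACL with both directions denied and the closing permit. It goes one step beyond the answer by optionally scoping the deny entries to a single client subnet with an IOS wildcard mask instead of `any`. The hostnames, addresses and subnet are constructed sample data, and the script does no live DNS lookups.

```python
import ipaddress
from typing import Dict, Iterable, List, Optional

# Constructed stand-in for what `nslookup <name>` returned. The answer notes
# that each name gives a different list and the lists change over time, so a
# real deployment would refresh this table and regenerate the ACL regularly.
RESOLVED: Dict[str, List[str]] = {
    "www.myspace.com": ["216.178.38.131", "216.178.39.14"],
    "myspace.com": ["216.178.39.14", "216.178.38.116"],  # overlap on purpose
}


def build_block_acl(resolved: Dict[str, Iterable[str]],
                    name: str = "BLOCK",
                    client_subnet: Optional[str] = None) -> List[str]:
    """Return IOS config lines for an extended named ACL.

    Every unique IPv4 address is denied in both directions, followed by the
    `permit ip any any` the answer warns not to forget. If client_subnet
    (CIDR, a constructed value here) is given, the entries are scoped to that
    subnet instead of `any`, using the wildcard (inverse) mask IOS expects.
    """
    addrs = set()
    for hostname, addr_list in resolved.items():
        for raw in addr_list:
            ip = ipaddress.ip_address(raw)  # raises ValueError on garbage
            if ip.version != 4:
                raise ValueError(f"{hostname}: {raw} is not IPv4; this ACL cannot match it")
            addrs.add(ip)
    if client_subnet:
        net = ipaddress.ip_network(client_subnet, strict=True)
        side = f"{net.network_address} {net.hostmask}"  # e.g. 10.1.5.0 0.0.0.255
    else:
        side = "any"
    lines = [f"ip access-list extended {name}"]
    for ip in sorted(addrs):
        lines.append(f" deny ip host {ip} {side}")  # packets from the streaming site
        lines.append(f" deny ip {side} host {ip}")  # packets to the streaming site
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    print("\n".join(build_block_acl(RESOLVED, client_subnet="10.1.5.0/24")))
```

Paste the output into the router in configuration mode, then apply it with `ip access-group` on the LAN interface as shown in the answer.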

Discuss This Question: 2  Replies

  • Labnuke99
    Thanks for the info. So, based on this answer, it is best to block by IP addresses. What if I wanted to block by TCP ports? Do you have any references about what should be blocked for streaming media? I want to block this inbound traffic to clients on a particular subnet. We will be adding offending user computers to this subnet so they will have this traffic blocked.
    32,960 points
  • Kevin Beaver
    This can be a difficult task because it seems like every type of streaming media is done a little differently. I've found the best thing for blocking (and subsequent monitoring) of this type of traffic is a Web content filtering system like those offered by Marshal Software, St. Bernard, etc.
    17,625 points
