We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 588 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


312 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Forum Replies

  1. you can block http site with that, but you cannot block HTTPs sites with these

  2. Hi Sameer,

    I just updated the article to show you why we can't block HTTPS with NBAR.


  3. system says:

    Unfortunately, can't block https (youtube, mail.ru, etc)
    Instead create access-list and deny all ip for approxx 30 addresses for youtube.
    Is another way to block youtube for example?

  4. Hi Vitaly,

    HTTPS won't work since NBAR can't look into the packets. I don't think Youtube publishes a list of all IP addresses that they use, maybe you can lookup their AS number, find the IP addresses and block those:


    If you enter "Youtube" you can see that they use AS36561 and AS43515. You can lookup those IP addresses and block those.

    Perhaps a better method would be to fix this using DNS. Use your DNS server so resolves youtube.com to a custom webpage and configure your firewall so users can't use another DNS server.


  5. Hi Rene,
    In order for NBAR to work, it should have been enabled previously on the router, right?
    Cisco1841(config)#int vlan 1
    Cisco1841(config-if)#ip nbar protocol-discovery

    Thank you!

4 more replies! Ask a question or join the discussion by visiting our Community Forum