How to stop downloads (mp3,mpg,avi,exe etc)

[panos1968]

I HAVE 2 SEPARATED ADSL LINES AND 2 ROUTERS.
1 837 ROUTER-LINE:512KBPS AND 1 877 ROUTER-LINE:1024KBPS.
I WANT TO GIVE FULL INTERNET ACCESS TO USERS BUT I WANT TO STOP ALL DOWNLOADS BECAUSE I HAVE SERIOUS PROBLEMS (SPYWARE,TROJANS,VIRUSES AND LOW INTERNET AND LAN SPEED).
I WANT TO DO THIS BY CISCO IOS COMMAND LINE.
CAN YOU HELP ME PLEASE?

 

[watchguardmonkey]

put an access-list on your LAN interface blocking the ports used by download apps, admittedly this might turn out to be extensive and may not be the way to do it to cover all your problems.

do you run a anti-virus on the LAN users? this will help with trojans and viruses.

and installing a good firewall would also help.

rgs

WGM

 

[JOAMON]

That will be hard to do with command line. You might consider a Web Filter like Surf Control to do this. We use it and it works well.

 

[KiscoKid]

Only way I know to do this via CLI that comes close to this is to configure NBAR (Network Based Application Recognition) on the router. The following link goes into detail about it and, more importantly, provides some examples:

http://www.cisco.com/en/US/products..._guide_chapter09186a0080455985.html#wp1073317

Because NBAR utilises policy maps, you can extend their usage and include shaping/policing or bandwidth limits in that policy.