You don’t need to buy a expensive firewall or UTM appliance to do internet content filtering and usage monitoring.
In this post, I will guide you to deploy a passby internet content filter simply with a cisco switch.
Most cisco switch supports “port mirroring(SPAN)” feature. You may use below commands to enable it:
1. Set source port
Switch(config)#monitor session 1 source interface Fa0/23
2. Set target port
Switch(config)#monitor session 1 destination interface Fa0/22 ingress vlan 1
Then, you need to install a passby filtering program(ie: WFilter internet content filter) in a windows PC, and connect this PC to the “target port”. So you can monitor and filter internet access of network clients. Please note: “ingress” must be enabled for filtering to work.
The new diagram:
Pass-by filtering can also be as powerful as a pass-through UTM device, except for bandwidth rate limiting. For more information, please check: WFilter deployment.