Access list

[windsorking]

I have PC's and a device called an instant internet box on the same segment. Can I set up an extended IP access list to prevent particular PC's from getting to the Internet box.

My confusion is in the fact that they are both on the same segment. I thought trafic would have to pass through the router in order to filter it.

 

[wybnormal]

You can place the Instant Box on it's own segment then apply the access list. You could use VLANs on a switch, if you have a fairly new switch you could use some QOS to the port. Without knowing much more, I would lean to putting the new box on it's own IP subnet and then route it through the accesslist

Anyone else got a cleaner idea?

Mike S

 

[bjhagroo]

Without knowing your box, I can tell you most of these boxes have a setting to filter on Ip addresses, but you will have to disable DHCP if you are using it. You can also write extended access-list to filter on HTTP, PORT #'s , specific IP addresses. Just remember if you put deny statements first in an access-list you must put an "access-list xxx permit IP any any" at the end of the list or the "implicit deny" will deny all users.