Cisco WAN :: 2921 - Block Mac Based System To Access Internet?
Aug 22, 2012
I have a netwokr in which users are getting ip address from DHCP server that is window server.i want to block some users to access interent by using their device mac address.i have these devices in my network...
2921 cisco cme router
cisco 2960 switches
cisco 892 cisco internet router
internet ADSL that cnnected with cisco 892...
wireless AP 1142...
i have no firewall or any asa...how can i block some users for accessing internet but they can access internal network...for file sharing and prinitng,...
I'm configuring a 2921 Router. It has 3 GigE ports, of which I'm using 2. I would like the router to also act as a Gateway system between the 2 networks. Can you tell me which configuration commands I need to accomplish this?
I'm designing a new topology to access to the Internet using Cisco2921 NAT and MS ISA Firewall. I'm going to use ISA as a proxy to public some internal services and to provide internet access for my users. ISA won’t use NAT. It will route traffic. Cisco 2921 will handle NAT, ISP Failover and IPSec VPN to datacenters.
Cisco 3750 will route outbound internal traffic.My routing for internal users on Cisco 3750 will look like this: [code] My question is about route from Cisco 2921 to my local network 192.168.0.0/22.If I use this route, I'll restrict my traffic from datacenter to go through ISA server BUT all responses from the Internet will go directly to 3750 too.I doubt about security and functionality of such solution. Of course I will public my internal resources to internet that way. It is on Cisco 2921
ip nat inside source static tcp 172.16.0.2 80 (my external IP) 80.I could use PBR to divide my traffic from datacenter and other traffic, but I don't know how to use PBR with IPSec VPN traffic.
the cisco 2921 Router has a default ip hhtp access class command found in it. Just i changed the default IP to the new ip i will use.The Router is accessable from the LAN only but not from the internet configured the Public ip . I think this is due to the standard access list 23 . how will i access the Router from the Internet using the Public IP.
I would like to make a monitoring system of my network based on Zabbix . I would like to use SNMP protocol with the Cisco RV180W but in that case, i need its MIB table to generate appropriate OID for CPU and memory using and network information. Where i can find this kind of information ?
A I went over to a friend's house to fix some problems with his computer. He has a Windows XP Home Edition desktop. I used System Restore to fix some kinks with it, and now the computer has no Internet access, and I have no idea how to get it back. I tried reversing the System Restore and turning it off, but that's not working. They said that the connection was fine, but that the computer could not read the modem.
One of my Clients just aquired a CISCO ASA firewall, and they would like to restrict internet access, that is they want to block internet for Junior employees while managemnet remains connected, Looking at the situation, The ASA serves as the gateway,I tried an Access list like below for one pc to test if it works but instead everyone just went off, may be i misfired somehwere.
Access-list 110 deny tcp any host 192.168.20.100 eq wwwAccess-list 110 deny tcp any host 192.168.20.100 eq 443Access-list 110 permit tcp any any eq wwwAccess-list 110 permit tcp any any eq 443access-group 110 in interface inside
I am setting up a network for a friend with children. He has a BT homehub and wants to block their access between certain hours. However by using access control on BT it tells you that you have been blocked which is no good as he cannot feign ignorance and pretend he doesn't know what to do (as his kids will pester him to fix it). He therefore wants to block their access more discreetly (as if the internet was generally timing out or messing up instead of actually displaying they have access control).Is there a way to block an individual's access on the router without blocking everybody either on a timer or manually done each time (thus if there isn't a way of automating it he can at least do this manually each time).
How do I configure Cisco ASA 5505 (using ASDM 5.2) to block a workstation (IP address) from accessing internet completely? I was trying to set up a new incoming access rule for outside interface to deny any IP traffic to that workstation but it doesn't work from some reason - the workstation can still access the internet. The ASA has no special settings, only a few ports opened for servers?
How can I block my son's computer from internet access through our wireless router without having his computer in hand? I have accessed the router on line but don't know what to change there.
I am trying to allow a block of 7 or 8 devices to access the internet all the time. Two other devices I would like to allow internet access during a set time range. Finally I would like to block internet access to all devices not in one of the above groups. I need to use MAC addressing to identify the allowed devices. I was able to do this with my old WRT-54G but the DIR-825 is giving me trouble.My main problem occurs when I try to block access to "Other Machines". When I do that all devices on my network are cut off the internet.
I have an EA4500. I am trying to block a specific site based on keywords in the webpage address. how to get the EA4500 to block sites with based on keywords.
I have the Qwest/Actiontec Q1000 modem/router. I go to the ip address using my web-browser and open up advanced configurations -> access scheduler. I select a computer (and it automatically adds the MAC address) and then the days/times I want the internet to be accessible. However, when I click "add" (to add my internet allowance to the scheduler list) it just says 12:00 to 0:00, which is essentially permanently blocking the internet for that computer.
I have a windows server 2003 ent., with about 6pcs and a couple of macs. I don't want the server to connect to the internet, though every computer only has one network card. I want all the clients to access the internet but not the server. How do I set this up.
Is it possible to have my file server only accessable in the LAN. I would like to block all inbound/outbound traffic outside of the LAN. I back up all of my personal files to that server and some contain sensitive information.
E2000 about a years old.One of the rule is to block internet access from 1am to 4am for certain internal IPs.Working fine until a week ago. Once the time kick in, the E2000 will not route any internet access for any internal IP until the unit is power off and power on reboot.If that rule is disabled. then the E2000 will route all days and nights with no problem.Updated firmware to 1.0.0.4 already.I replaced the WRT45 because of the same problem a year ago. Now just about a year, this E2000 keeps blocking all traffic.
We have an RVS-4000 router that we use as an Internet gateway on our school network. I am trying to set up an Internet Access Policy to block some specific websites by URL using a domain name. I set up the policy, and added a PC to the list using the mac address, and the blocking did not work. I went back to the list and added the IP address of the same PC, the policy still did not work to block the domain. I rebooted the router, cleared the Internet Temporary files and history on the PC, and the policy still does not work. It acts like it is going to block access to the website because it takes a long time, but it will eventually connect.
I have a Cisco C3560CG which is running C3560c405ex-UNIVERSALK9-M), Version 12.2(55)EX2.The switch has vlan 1 and vlan 50 configured, vlan 50 should have access to a limited number of host in vlan 1.The following acl has been applied on the inbound to vlan 50:
I sure the above would work, but for some reason some of the packet counter are not incrementing but the traffic is being blocked. But I would like to see the counter increment.Also I have that I may beed to use VACL wouls this be the case?
Setup firewall rules that will block all inbound Internet access to the web server except port 443, Setup firewall rules that will block all communication between the two internal networks, except ports 7000 and 1702
i want to block all internet access on all my computers from the time range of 9 PM to 8 PM. Yes, that gives 1 hour of internet access per day. However, it seems that there are certain rules of the router that won't let me do this. It seems I can't make 2 different policies for PC's within the same IP range (192.168.1.0 to 192.168.1.254) , it gives me the error: "The values you entered are invalid. Please try again."every time I try to do so. And when I try to give the time range from 9 PM to 8 PM it gives an error stating that the end time must be bigger than start time. I am using the WRT54GL with firmware v4.30.7.
On E4200 Firmware Version: 1.0.03, I managed to successfully set up "Internet Access Policy" (not the "Parental Controls") to set up the times when internet access is disabled for various IPs on my network.
But I could't setup a policy to block facebook.com. What I am doing wrong? See the attached screen shot. I did click the "Edit List" and apply this polity to the IP Address Range 192.168.1.2 to 192.168.1.254.
Why does my E1200 forget my Parental Control Password? This happens almost weekly and I have to use the "forgot password" option. It asks my security question, I answer it and set the new password to the same password it keeps forgetting. Why does this happen? Also, is there anyway to have total 24hr control on the Block Internet Access?
I have configured my e4200 to block traffic at certian times uses both the Parental Controls and the Intenet Access Polices. Neither one seems to work though. [code] I have the same MAC addresses specified in each rule. Initally I had only the first two rules. Those didn't work, so I added rule 3 and 4 (they do the same thing as rules 1 and 2 but from the opposite direction). There are no compliaints, but they don't stop any traffic.
I started with the Parental Controls, they didn't work either. The page in there that lets you pick which machines you want to block seemed next to worthless. I have about four rows listed as "Network Device." REALLY LAME! As the MAC addresses are accesible and these weren't working I went to the IAP.
we just bought a 2921 with the following modules: 4 port clear channel T1/E1 HWICSM-ES3G-24-P: EtherSwitch.I read some CISCO documents, and not be able to find what I need. I would prefer all instructions from you are for CLI interface.This is my first time to deal directly with T1, WIC and 2921 etc. The following is what I get from ATT, IP masked IP Address Block IP Address: 20.20.20.136/29 WAN Link Details: WAN Link IP Address:13.13.13.92 AR Serial INT IP Address:13.13.13.93 CR Serial INT IP Address:13.13.13.94 WAN Link Subnet Mask:255.255.255.252
A: how do I configure T1, what does "AR, CR" stands for, and do I need to use both IP addresses? What is the WAN Link IP for?
B: We have two T1 lines, so I should plug them both to the WIC, say port 0 and port 1, how to configure them?
C: how do I access the firewall from the command line?
D: I followed T1/E1 HWIC installation guide, and as soon as I add channel-group to the controller t1, the serial interface went down?
I need to configure the access list on the outbound internet port to accept the following:
ip access list 10 access-list 10 permit PPTP vpn any xxx.xxx.xxx.xxx access-list 10 permit RDP any xxx.xxx.xxx.xxx access-list 10 permit FTP any xxx.xxx.xxx.xxx access-list 10 permit Postgresql any xxx.xxx.xxx.xxx access-list 10 permit MacARD any xxx.xxx.xxx.xxx
This method does not work on the Cisco 2921 router with FW
I have a 2921, and I have 4 network segments. In segment 172.16.0.0./27 I wand to "pair" somehow connections. I mean IP 172.16.0.x has to have MAC aaaa.bbbb.cccc and so on, and not accept connections otherwise.How can I do that?
It seems that Cisco mentioned, in their data sheet of 2921 ISR, that it can support up to 50Mbps. However, from Google search, it says 2921 can handle 100Mbps with no problem.I am planning on getting 2921 ISR in small office where only ~10 people are connected to it. And we do have two different line of 100Mbps ISP internet line and wish to share them in the office.I am confused why ~$2k router can not support 100Mbps where ~$100 consumer routhers like Linksys has no problem with handling that speed. The reason why I am planning on 2921 is the rich feature like Voip solution (CME) it offeres. I have several remote offices that needs to be connected with Voip phones. and I could go with UC500 series but it seems to me UC500 does not support IP Phone 9900 series.
i m planning to use the 2921 router for both mpls and internet connection , to 2 different isp also am planning to use bgp with a public providor independant
