Do Cisco switches have this security function?

Unanswered Question
Feb 17th, 2008
User Badges:

During the course of studying, I came across some security features for switch ports. I am about to put a Cisco switch on my home network and would like to specify the time of day that a client PC can use the port. (e.g. the port is allow traffic from 9am-6pm, the port would shutdown other times.) Is there such a feature with Cisco switches? If yes, what is the minimum IOS version supports it?


Thanks. - AC

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
alexmchau Mon, 02/18/2008 - 05:55
User Badges:

Thanks. That's good information. But I think this is overkill in SOHO. I do have a need to limit the WWW access to my kids. I have another simple idea to use a router instead. I'm going to put the kid's PCs on a different subnet and put a router in between. Original network on E0/0, kid's network on E0/1. Using Time-based ACL, I should be able to limit the access as follows:-


Interface E0/0

IP address 192.168.0.2 255.255.255.0

IP access-group 101 in


access-list 101 deny TCP any any eq WWW

time-range no_http

access-list 101 permit IP any any


time-range no_http

periodic daily 20:00 to 08:59



Comments? Anyone? Thanks.


- AC

alexmchau Mon, 02/18/2008 - 05:56
User Badges:

Thanks. That's good information. But I think this is overkill in SOHO. I do have a need to limit the WWW access to my kids. I have another simple idea to use a router instead. I'm going to put the kid's PCs on a different subnet and put a router in between. Original network on E0/0, kid's network on E0/1. Using Time-based ACL, I should be able to limit the access as follows:-


Interface E0/0

IP address 192.168.0.2 255.255.255.0

IP access-group 101 in


access-list 101 deny TCP any any eq WWW time-range no_http

access-list 101 permit IP any any


time-range no_http

periodic daily 20:00 to 08:59



Comments? Anyone? Thanks.


- AC

Edison Ortiz Mon, 02/18/2008 - 07:28
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Definitely an overkill for SOHO, I was not aware of your target audience :)


Time-Based ACL should do the trick if you want to block internet browsing during certain hours.

One thing to keep in mind, internet is not only done via port 80. There are bunch of applications out there that do not rely on port 80. If you don't want your kids out of your network, just deny ip any any on that subnet and just allow yourself :)


__


Edison.

alexmchau Mon, 02/18/2008 - 11:51
User Badges:

Already thought of that but there are a few school related software that would need to run with an internet connection. It is just WWW access that I would need to restrict at this time. This will make them more focus on the school work. Unless my kids figure out how to hack around, I think WWW restriction is all we need at this time.


Thanks. - AC

Actions

This Discussion