02-17-2008 12:58 PM - edited 03-05-2019 09:12 PM
During the course of studying, I came across some security features for switch ports. I am about to put a Cisco switch on my home network and would like to specify the time of day that a client PC can use the port. (e.g. the port is allow traffic from 9am-6pm, the port would shutdown other times.) Is there such a feature with Cisco switches? If yes, what is the minimum IOS version supports it?
Thanks. - AC
02-17-2008 01:50 PM
You need to get familiar with 802.1x
http://www.cisco.com/en/US/products/ps6662/products_ios_protocol_option_home.html
HTH,
__
Edison.
02-18-2008 05:55 AM
Thanks. That's good information. But I think this is overkill in SOHO. I do have a need to limit the WWW access to my kids. I have another simple idea to use a router instead. I'm going to put the kid's PCs on a different subnet and put a router in between. Original network on E0/0, kid's network on E0/1. Using Time-based ACL, I should be able to limit the access as follows:-
Interface E0/0
IP address 192.168.0.2 255.255.255.0
IP access-group 101 in
access-list 101 deny TCP any any eq WWW
time-range no_http
access-list 101 permit IP any any
time-range no_http
periodic daily 20:00 to 08:59
Comments? Anyone? Thanks.
- AC
02-18-2008 05:56 AM
Thanks. That's good information. But I think this is overkill in SOHO. I do have a need to limit the WWW access to my kids. I have another simple idea to use a router instead. I'm going to put the kid's PCs on a different subnet and put a router in between. Original network on E0/0, kid's network on E0/1. Using Time-based ACL, I should be able to limit the access as follows:-
Interface E0/0
IP address 192.168.0.2 255.255.255.0
IP access-group 101 in
access-list 101 deny TCP any any eq WWW time-range no_http
access-list 101 permit IP any any
time-range no_http
periodic daily 20:00 to 08:59
Comments? Anyone? Thanks.
- AC
02-18-2008 07:28 AM
Definitely an overkill for SOHO, I was not aware of your target audience :)
Time-Based ACL should do the trick if you want to block internet browsing during certain hours.
One thing to keep in mind, internet is not only done via port 80. There are bunch of applications out there that do not rely on port 80. If you don't want your kids out of your network, just deny ip any any on that subnet and just allow yourself :)
__
Edison.
02-18-2008 11:51 AM
Already thought of that but there are a few school related software that would need to run with an internet connection. It is just WWW access that I would need to restrict at this time. This will make them more focus on the school work. Unless my kids figure out how to hack around, I think WWW restriction is all we need at this time.
Thanks. - AC
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide