Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
259
Views
0
Helpful
1
Replies

Restricting internet access

clark-computers
Level 1
Level 1

‎09-01-2009 02:10 AM - edited ‎03-06-2019 07:31 AM

I have a client who has asked me to block internet traffic from a few PCs on the LAN. The setup is two Cisco 877s: one providing internet access (and is the LAN default GW), the other providing the VPN link to the head office.

These PCs should be allowed to browse the local network, traverse the VPN to get resources from the head office systems, but are denied access to any resources on the internet.

If possible, I would like to do this without having to reserve a block of IP addresses on the DHCP server and then restricting access from those IPs.

Would MAC access-lists be the solution? If so, how do I configure it without restricting access to LAN/VPN resources?

Sanitized config attached.

Labels:
Preview file
7 KB
0 Helpful
1 Reply 1

yagnesh_tel
Level 1
Level 1

‎09-01-2009 05:25 AM

Hi Andrew,

Since you are doing bridging on the interfaces,it may be possible to achieve MAC Address Filtering using ACL in the range 700. Not sure your platform/code support this.

Refer:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#m

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card