I am not sure that I really understand your question. On the surface it seems a really easy question: yes you can create an access list that will prevent users from accessing the web (you would deny tcp eq www (for http) and perhaps deny tcp eq 443 (for https)). The symptoms would be that users would not be able to access any web sites. The browser would probably display an error message about not able to display this page.
I wonder if there is something else to this question or some different context? Perhaps you can clarify if I have not understood it correctly?
Based on the fairly vague description that you have provided so far there are several things which might cause the symptoms that you are experiencing. It might be an access list issue, it might be an address translation issue, it might be a DNS issue.
The easiest way to figure out what is the problem is for you to provide some details:
- what is the topology like - what networks or subnets are on the inside? what network is on the outside? Are you routing to the outside with a dynamic routing protocol or with static routes?
- it would be very helpful if you would post the configuration of the router.
I believe that Mahmood has identified a critical issue which is that you had configured ip nat inside and ip nat outside on interfaces but had not configured the ip nat inside source command to do address translation. Failure in address translation is one of the very common issues when users are not able to access Internet resources as I had suggested in my previous post.
In addition to that issue I note that there are 4 BRI interfaces and that they are all shut down. This would also prevent Internet access for users. Since you post seems to say that you were able to ping from the router I suspect that at some point they were not shut down. But in terms of the config posted that would certainly be an issue.
I also note that the dialer interface has some configuration that supports pap authentication. But there is no command to authenticate on the dialer. Depending on how your provider has set things up it may or may not be an issue.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...