Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Do Cisco switches have this security function?

During the course of studying, I came across some security features for switch ports. I am about to put a Cisco switch on my home network and would like to specify the time of day that a client PC can use the port. (e.g. the port is allow traffic from 9am-6pm, the port would shutdown other times.) Is there such a feature with Cisco switches? If yes, what is the minimum IOS version supports it?

Thanks. - AC

5 REPLIES
Hall of Fame Super Bronze

Re: Do Cisco switches have this security function?

New Member

Re: Do Cisco switches have this security function?

Thanks. That's good information. But I think this is overkill in SOHO. I do have a need to limit the WWW access to my kids. I have another simple idea to use a router instead. I'm going to put the kid's PCs on a different subnet and put a router in between. Original network on E0/0, kid's network on E0/1. Using Time-based ACL, I should be able to limit the access as follows:-

Interface E0/0

IP address 192.168.0.2 255.255.255.0

IP access-group 101 in

access-list 101 deny TCP any any eq WWW

time-range no_http

access-list 101 permit IP any any

time-range no_http

periodic daily 20:00 to 08:59

Comments? Anyone? Thanks.

- AC

New Member

Re: Do Cisco switches have this security function?

Thanks. That's good information. But I think this is overkill in SOHO. I do have a need to limit the WWW access to my kids. I have another simple idea to use a router instead. I'm going to put the kid's PCs on a different subnet and put a router in between. Original network on E0/0, kid's network on E0/1. Using Time-based ACL, I should be able to limit the access as follows:-

Interface E0/0

IP address 192.168.0.2 255.255.255.0

IP access-group 101 in

access-list 101 deny TCP any any eq WWW time-range no_http

access-list 101 permit IP any any

time-range no_http

periodic daily 20:00 to 08:59

Comments? Anyone? Thanks.

- AC

Hall of Fame Super Bronze

Re: Do Cisco switches have this security function?

Definitely an overkill for SOHO, I was not aware of your target audience :)

Time-Based ACL should do the trick if you want to block internet browsing during certain hours.

One thing to keep in mind, internet is not only done via port 80. There are bunch of applications out there that do not rely on port 80. If you don't want your kids out of your network, just deny ip any any on that subnet and just allow yourself :)

__

Edison.

New Member

Re: Do Cisco switches have this security function?

Already thought of that but there are a few school related software that would need to run with an internet connection. It is just WWW access that I would need to restrict at this time. This will make them more focus on the school work. Unless my kids figure out how to hack around, I think WWW restriction is all we need at this time.

Thanks. - AC

117
Views
0
Helpful
5
Replies