Restricting access via a 2621 Router.

ddevecka
Level 1

I have a 2621 router installed and I want to restrict certain production computers from accessing anything other than the subnet they are on. What is the best way to do this with a 2621 router? I was thinking an ACL but I figured I would post just to see what other or if this is the best option.

The layout is the router is on our internal network separating one division from another, but we have computers on production lines that they only want to access stuff on the 192.168.3.X network, and keep them off the 192.168.4.X and keep these machines off the Internet as well. Again just trying to figure out if this is possible with this router.

Thanks in advance.


Edison Ortiz
Hall of Fame

I was thinking an ACL

Your thinking is correct :)

__

Edison.

s.marino
Level 1

Are you trying to limit or deny access between the two divisions? If so then access lists will work just fine.

I am trying to do both. I want to deny them from getting off the 192.168.X.Y network but not stop them from getting around the 192.168.A.B network. And again I only want this to affect certain statically mapped IP addresses.

Then you can use access lists to permit and deny hosts or whole networks in both directions.

Example:

deny ip host 192.168.0.202 any

deny ip host 192.168.1.197 any

deny ip host 192.168.3.3 any

deny ip host 192.168.3.36 any

permit ip host 192.168.9.40 any

permit ip host 192.168.9.23 any

permit ip host 192.168.11.19 any

permit ip 192.168.17.192 0.0.0.63 192.168.145.0 0.0.0.255

permit ip 192.168.17.192 0.0.0.63 192.168.146.0 0.0.0.255

permit ip 192.168.17.192 0.0.0.63 192.168.148.0 0.0.0.255

deny ip any any log

Let me know if this helped.

Sal

Can I do a

permit ip any any instead of a deny ip any any?

This way I can do the deny, and if it isn't listed it will be allowed out to the other networks and the net?

I would make the last lines as follows:

The line below will be the networks that are allowed after all of the denied hosts and networks (be careful not to block a network that falls into the permit statement below, "it will be blocked").

permit ip 192.168.x.x x.x.255.255

-------------------

This line will block everything else:

deny ip any any log

Let me know if it works and rate it.

Sal
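
An added example (not code from any poster in this thread): a small Python model of how the router walks the ACL entries discussed above, top to bottom with the first match winning, to show why entry order and the final line matter. The three ACLs are constructed from the thread's entries; `192.168.3.0 0.0.0.255` stands in for the placeholder permit line and is an assumption.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST [log]' entries, keeping their order."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        try:
            if tok[0] not in ("permit", "deny") or tok[1] != "ip":
                raise ValueError(line)
            src, rest = _addr(tok[2:])
            dst, _ = _addr(rest)  # a trailing 'log' keyword is ignored
        except (IndexError, ValueError):
            raise ValueError(f"unsupported entry: {line!r}") from None
        rules.append((tok[0], src, dst))
    return rules

def _match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 mean "don't care"
    return (addr & care) == (base & care)

def evaluate(rules, src, dst):
    """Return (action, entry number); first match wins, no match is denied."""
    s, d = _ip(src), _ip(dst)
    for n, (action, rs, rd) in enumerate(rules, 1):
        if _match(s, rs) and _match(d, rd):
            return action, n
    return "deny", None  # implicit deny at the end of every ACL

# Constructed ACLs built from the thread's entries and addresses.
DENY_FIRST = parse_acl("""deny ip host 192.168.3.36 any
permit ip 192.168.3.0 0.0.0.255 any
deny ip any any log""")
PERMIT_FIRST = parse_acl("""permit ip 192.168.3.0 0.0.0.255 any
deny ip host 192.168.3.36 any
deny ip any any log""")
OPEN_END = parse_acl("deny ip host 192.168.3.36 any\npermit ip any any")
```

With the host deny listed first, 192.168.3.36 is blocked at entry 1; with the network permit listed first, the same host is permitted at entry 1 and its deny line is never reached. Ending with `permit ip any any` blocks only the listed hosts and lets every other source through.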
