Cisco Support Community
New Member

Restricting access via a 2621 Router.

I have a 2621 router installed and I want to restrict certain production computers from accessing anything other than the subnet they are on. What is the best way to do this with a 2621 router? I was thinking an ACL, but I figured I would post just to see what other options there are or if this is the best option.

The layout is the router is on our internal network separating one division from another, but we have computers on production lines that they only want to access stuff on the 192.168.3.X network and keep them off the 192.168.4.X network, and keep these machines off the Internet as well. Again, just trying to figure out if this is possible with this router.

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Restricting access via a 2621 Router.

I would make the last lines as follows:

The line below will be the networks that are allowed after all of the denied hosts and networks (be careful not to block a network that falls into the permit statement below; "it will be blocked").

permit ip 192.168.x.x x.x.255.255

-------------------

This line will block everything else:

deny ip any any log

Let me know if it works and rate it.

Sal

6 REPLIES
Hall of Fame Super Bronze

Re: Restricting access via a 2621 Router.

I was thinking an ACL

Your thinking is correct :)

__

Edison.

New Member

Re: Restricting access via a 2621 Router.

Are you trying to limit or deny access between the two divisions? If so then access lists will work just fine.

New Member

Re: Restricting access via a 2621 Router.

I am trying to do both. I want to deny them from getting off the 192.168.X.Y network but not stop them from getting around the 192.168.A.B network. And again, I only want this to affect certain statically mapped IP addresses.

New Member

Re: Restricting access via a 2621 Router.

Then you can use access lists to permit and deny hosts or whole networks in both directions.

Example:

deny ip host 192.168.0.202 any
deny ip host 192.168.1.197 any
deny ip host 192.168.3.3 any
deny ip host 192.168.3.36 any
permit ip host 192.168.9.40 any
permit ip host 192.168.9.23 any
permit ip host 192.168.11.19 any
permit ip 192.168.17.192 0.0.0.63 192.168.145.0 0.0.0.255
permit ip 192.168.17.192 0.0.0.63 192.168.146.0 0.0.0.255
permit ip 192.168.17.192 0.0.0.63 192.168.148.0 0.0.0.255
deny ip any any log

Let me know if this helped.

Sal
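
The first-match evaluation that the ACL in the post above depends on, as an added example that is not part of the original post and is not Cisco code: a small Python evaluator that parses those entries and reports which line decides a given packet. It assumes only `ip` entries using the `host`, `any` and address/wildcard forms; the function names are hypothetical and the packets used to exercise it are constructed.

```python
import ipaddress

# ACL entries copied from the post above (IOS extended-ACL syntax).
ACL = """\
deny ip host 192.168.0.202 any
deny ip host 192.168.1.197 any
deny ip host 192.168.3.3 any
deny ip host 192.168.3.36 any
permit ip host 192.168.9.40 any
permit ip host 192.168.9.23 any
permit ip host 192.168.11.19 any
permit ip 192.168.17.192 0.0.0.63 192.168.145.0 0.0.0.255
permit ip 192.168.17.192 0.0.0.63 192.168.146.0 0.0.0.255
permit ip 192.168.17.192 0.0.0.63 192.168.148.0 0.0.0.255
deny ip any any log
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take_addr(tokens):
    """Consume one address spec; return (base, wildcard) as integers."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return _to_int(tokens.pop(0)), 0
    return _to_int(word), _to_int(tokens.pop(0))

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, _proto = tokens.pop(0), tokens.pop(0)  # only "ip" is handled
        rules.append((action, _take_addr(tokens), _take_addr(tokens), line.strip()))
    return rules

def _match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
    return (_to_int(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    """Return (action, deciding line); the first matching entry wins."""
    for action, s, d, line in rules:
        if _match(src, s) and _match(dst, d):
            return action, line
    return "deny", "(implicit deny at end of list)"
```

Calling `evaluate(parse_acl(ACL), src, dst)` with a source just outside the 192.168.17.192 0.0.0.63 range shows it falling through to the final logged deny, and placing a broad permit above a host deny shows the deny never being reached.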

New Member

Re: Restricting access via a 2621 Router.

Can I do a permit ip any any instead of a deny ip any any?

This way I can do the deny and if it isn't listed it will be allowed out to the other networks and the net?
