Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Restricting internet access

I have a client who has asked me to block internet traffic from a few PCs on the LAN. The setup is two Cisco 877s: one providing internet access (and is the LAN default GW), the other providing the VPN link to the head office.

These PCs should be allowed to browse the local network, traverse the VPN to get resources from the head office systems, but are denied access to any resources on the internet.

If possible, I would like to do this without having to reserve a block of IP addresses on the DHCP server and then restricting access from those IPs.

Would MAC access-lists be the solution? If so, how do I configure it without restricting access to LAN/VPN resources?

Sanitized config attached.

1 REPLY
Bronze

Re: Restricting internet access

Hi Andrew,

Since you are doing bridging on the interfaces,it may be possible to achieve MAC Address Filtering using ACL in the range 700. Not sure your platform/code support this.

Refer:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#m

113
Views
0
Helpful
1
Replies
CreatePlease to create content