Well first you need to determine the IP address of the KAZAA site your user is going to (ip accounting might work for this if you want or you might already know). You can also use nslookup to determine Kazaa sites, which I am sure there are a few. I got the following list setting type=A.
this is for my users to access the net. I'll try to add the deny command to all host of KAZAA using the standard access-list (which is also 2) and add the ip access-group to s0/e0 the result is, all my WS cant access the net. you can check my existing config.(partial only
ip address x.x.x.x 255.255.255.x secondary
ip address x.x.x.x 255.255.0.0
ip access-group 2 in
ip nat inside
ip route-cache same-interface
ip route-cache policy
ip route-cache flow
description 64l link to X
ip address x.x.x.x 255.255.255.x
ip access-group 2 out
ip nat outside
no ip address
description connected to remote sites
ip unnumbered Ethernet0
ip tcp header-compression passive
async mode interactive
peer default ip address pool x-group-1
no cdp enable
ppp authentication chap
group-range 1 8
ip local pool x-group-1 x.x.x.x x.x.x.x
ip nat pool mypool x.x.x.x x.x.x.x netmask 255.255.255.x
is not suited for this situation, as probably you know
standard accesslists do care about the source addresses only ,and you have this accesslist outbound on s0.
if you want to solve your problem with standard accesslists you got to bind your accesslist as an inbound one on your wan connection and you should add the statment of "permit any any "at the end of the accesslist
in addition to allow any traffic not equal to the source of kazaa
and in this regards it is not needed to bind any accesslist on your e0
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...