When using NAT, I understand that the translation is done BEFORE QoS is applied for inbound-to-outbound traffic. If this is correct, how would an ACL look if I wanted to restrict one host on the inside from going out a certain port?
Public IP: 126.96.36.199
Private IP: 192.168.1.50
If a service policy is applied as output on the public interface, then QoS would match on the 188.8.131.52 address, but if I wanted to restrict cnn.com, I would restrict everyone behind that address. Is there a way to restrict just the one host?
I've been using NBAR and I can't get anything to match, for whatever reason, so I'm wondering if it has something to do with NAT. Does anyone have a good example of a config that is using NAT, NBAR, and blocking either whole websites or, better yet, MIME types?